CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-21603: Cross-site scripting vulnerability exists in MZK-DP300N firmware versions 1.05 and earlier. If an attacker logs in to the affected product and...

4.8 CVSS

Description

Cross-site scripting vulnerability exists in MZK-DP300N firmware versions 1.05 and earlier. If an attacker logs in to the affected product and manipulates the device settings, an arbitrary script may be executed on the logged-in user's web browser when accessing a crafted URL.

Classification

CVE ID: CVE-2025-21603

CVSS Base Severity: MEDIUM

CVSS Base Score: 4.8

Affected Products

Vendor: PLANEX COMMUNICATIONS INC.

Product: MZK-DP300N

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.48% (scored less or equal to compared to others)

EPSS Date: 2025-02-06 (when was this score calculated)

References

https://www.planex.co.jp/support/download/mzk-dp300n/
https://jvn.jp/en/jp/JVN57428125/

Timeline

2025-01-09 00:30:36 UTC
CVE

Cross-site scripting vulnerability exists in MZK-DP300N firmware versions 1.05 and earlier. If an attacker logs in to the affected product and...