Unrated severityNVD Advisory· Published Dec 5, 2025· Updated Dec 8, 2025
CVE-2025-64054
CVE-2025-64054
Description
A reflected Cross Site Scripting (XSS) vulnerability on Fanvil x210 2.12.20 devices allows attackers to cause a denial of service or potentially execute arbitrary commands via crafted POST request to the /cgi-bin/webconfig?page=upload&action=submit endpoint.
Affected products
2- Fanvil/x210description
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2News mentions
0No linked articles in our index yet.