Captive Portal
by Arista
CVEs (4)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-6980 | Hig | 0.49 | 7.5 | 0.00 | Oct 23, 2025 | Captive Portal can expose sensitive information | |
| CVE-2025-11190 | 0.00 | — | 0.00 | Oct 10, 2025 | The Kiwire Captive Portal contains an open redirection issue via the login-url parameter, allowing an attacker to redirect users to an attacker controlled website. | ||
| CVE-2025-11189 | 0.00 | — | 0.00 | Oct 10, 2025 | The Kiwire Captive Portal contains a reflected cross-site scripting (XSS) vulnerability within the login-url parameter, allowing for Javascript execution. | ||
| CVE-2025-11188 | 0.00 | — | 0.00 | Oct 10, 2025 | The Kiwire Captive Portal contains a blind SQL injection in the nas-id parameter, allowing for SQL commands to be issued and to compromise the corresponding database. |
- risk 0.49cvss 7.5epss 0.00
Captive Portal can expose sensitive information
- CVE-2025-11190Oct 10, 2025risk 0.00cvss —epss 0.00
The Kiwire Captive Portal contains an open redirection issue via the login-url parameter, allowing an attacker to redirect users to an attacker controlled website.
- CVE-2025-11189Oct 10, 2025risk 0.00cvss —epss 0.00
The Kiwire Captive Portal contains a reflected cross-site scripting (XSS) vulnerability within the login-url parameter, allowing for Javascript execution.
- CVE-2025-11188Oct 10, 2025risk 0.00cvss —epss 0.00
The Kiwire Captive Portal contains a blind SQL injection in the nas-id parameter, allowing for SQL commands to be issued and to compromise the corresponding database.