CVE-2025-26202

MEDIUM

DZS Router Web Interface - Authenticated Stored Cross-Site Scripting in Wireless Security Passphrase Field

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-26202. PoCs published by A17-ba.

AI-analyzed exploit summary This repository contains a detailed writeup for CVE-2025-26202, describing a stored XSS vulnerability in the DZS Router Web Interface. The vulnerability allows an authenticated attacker to inject malicious JavaScript into the WPA/WAPI Passphrase field, which executes when viewed by an administrator.

Description

Cross-Site Scripting (XSS) vulnerability exists in the WPA/WAPI Passphrase field of the Wireless Security settings (2.4GHz & 5GHz bands) in DZS Router Web Interface. An authenticated attacker can inject malicious JavaScript into the passphrase field, which is stored and later executed when an administrator views the passphrase via the "Click here to display" option on the Status page

Exploits (1)

nomisec WRITEUP 2 stars
by A17-ba · poc
https://github.com/A17-ba/CVE-2025-26202-Details

This repository contains a detailed writeup for CVE-2025-26202, describing a stored XSS vulnerability in the DZS Router Web Interface. The vulnerability allows an authenticated attacker to inject malicious JavaScript into the WPA/WAPI Passphrase field, which executes when viewed by an administrator.

Classification
Writeup 100%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: DZS ZNID-GPON-2428B1-0ST with Firmware Version S4.2.022
Auth required
Prerequisites: Authenticated access to the router's web interface
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References

Scores

CVSS v3 4.3
EPSS 0.0065
EPSS Percentile 46.1%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Published Mar 04, 2025
Tracked Since Feb 18, 2026