CVE-2025-65349

EUVD-2026-2707
A Stored Cross-Site Scripting (XSS) vulnerability in Web management interface in Each Italy Wireless Mini Router WIRELESS-N 300M v28K.MiniRouter.20190211 allows attackers to execute arbitrary scripts via a crafted payload due to unsanitized repeater AP SSID value when is displayed in any page at /index.htm.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CISA-ADPADP
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 2%
Affected Products (NVD)
VendorProductVersion
eachitalywireless_mini_router_wireless-n_300m_firmware
28k.minirouter.20190211:k.minirouter
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/5ulfur/security-advisories/tree/main/CVE-2025-65349
https://imgur.com/a/X9DNOBj