Skip to main content

Hi3120 Firmware

2 CVEs product

Monthly

CVE-2025-63354 MEDIUM This Month

Hitron HI3120 v7.2.4.5.2b1 allows stored XSS via the Parental Control option when creating a new filter. The device fails to properly handle inputs, allowing an attacker to inject and execute JavaScript. [CVSS 4.8 MEDIUM]

XSS Hi3120 Firmware
NVD GitHub
CVSS 3.1
4.8
EPSS
0.0%
CVE-2025-66963 MEDIUM This Month

Sensitive information disclosure in Hitron HI3120 firmware 7.2.4.5.2b1 exposes credentials or session data to a local low-privileged attacker through the device's web management interface Logout function in index.html. The root cause, indicated by the 'Insufficient Session Expiration' tag, is that the logout action fails to fully invalidate or clear sensitive session artifacts, leaving them recoverable post-logout. No active exploitation is confirmed (EPSS 0.11%, 1st percentile), and the attack surface is constrained to local access with low privileges, significantly limiting real-world impact despite the High confidentiality rating.

Information Disclosure Hi3120 Firmware
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
EPSS 0% CVSS 4.8
MEDIUM This Month

Hitron HI3120 v7.2.4.5.2b1 allows stored XSS via the Parental Control option when creating a new filter. The device fails to properly handle inputs, allowing an attacker to inject and execute JavaScript. [CVSS 4.8 MEDIUM]

XSS Hi3120 Firmware
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

Sensitive information disclosure in Hitron HI3120 firmware 7.2.4.5.2b1 exposes credentials or session data to a local low-privileged attacker through the device's web management interface Logout function in index.html. The root cause, indicated by the 'Insufficient Session Expiration' tag, is that the logout action fails to fully invalidate or clear sensitive session artifacts, leaving them recoverable post-logout. No active exploitation is confirmed (EPSS 0.11%, 1st percentile), and the attack surface is constrained to local access with low privileges, significantly limiting real-world impact despite the High confidentiality rating.

Information Disclosure Hi3120 Firmware
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy