CVE-2025-65349 is a stored cross-site scripting (XSS) vulnerability identified in the web management interface of the Each Italy Wireless Mini Router WIRELESS-N 300M v28K.MiniRouter.20190211. The vulnerability stems from the failure to properly sanitize the repeater AP SSID value before rendering it on the /index.htm page of the router’s web interface. Since the SSID is user-controllable, an attacker can inject malicious JavaScript code into the SSID field. When an administrator or user accesses the router’s management page, the injected script executes in the context of the router’s web interface, potentially allowing the attacker to hijack sessions, steal credentials, or perform actions on behalf of the user. This type of stored XSS is particularly dangerous because the malicious payload persists on the device and affects any user who views the page. The vulnerability does not require authentication to inject the payload if the attacker can set the SSID (e.g., by configuring a repeater AP or via other network access). However, exploitation requires the victim to access the affected page. No CVSS score has been assigned yet, and no public exploits are known at this time. The vulnerability highlights the risks associated with insufficient input validation in embedded device management interfaces, which are often overlooked in security assessments. The Each Italy Wireless Mini Router is a consumer-grade device, but such vulnerabilities can be leveraged to pivot attacks into internal networks, especially in small office or home office environments.

For European organizations, the impact of this vulnerability can be significant, especially for small and medium enterprises (SMEs) and home office users relying on the Each Italy Wireless Mini Router or similar devices. Exploitation could lead to unauthorized access to router management functions, enabling attackers to alter network configurations, redirect traffic, or deploy further malware. The stored nature of the XSS means that multiple users accessing the interface could be compromised, increasing the attack surface. Confidentiality is at risk due to potential credential theft and session hijacking. Integrity can be compromised if attackers modify router settings. Availability could be indirectly affected if attackers disrupt network configurations or cause device malfunctions. Given the router’s role as a network gateway, successful exploitation could facilitate lateral movement into internal networks, threatening broader organizational assets. The lack of known exploits currently reduces immediate risk but does not eliminate the potential for future attacks. European organizations with limited IT security resources may be particularly vulnerable due to the common use of consumer-grade routers without rigorous security controls.

To mitigate this vulnerability, organizations should first restrict access to the router’s web management interface by limiting it to trusted IP addresses or disabling remote management altogether. Network segmentation should be employed to isolate management interfaces from general user networks. Administrators should update the router firmware if and when a vendor patch becomes available, or consider replacing the device with a more secure alternative if no patch is forthcoming. In the interim, monitoring network traffic for unusual SSID values or suspicious management interface access can help detect exploitation attempts. Employing web application firewalls or intrusion detection systems that can identify XSS payloads may provide additional protection. Educating users and administrators about the risks of interacting with untrusted network devices and the importance of strong, unique credentials for device management is also critical. Finally, vendors should be urged to implement proper input validation and output encoding in their management interfaces to prevent such vulnerabilities.