CVE-2025-65349 is a stored Cross-Site Scripting (XSS) vulnerability identified in the web management interface of the Each Italy Wireless Mini Router WIRELESS-N 300M v28K.MiniRouter.20190211. The vulnerability stems from the failure to properly sanitize the repeater Access Point (AP) SSID value before rendering it on the /index.htm page. Because the SSID value is user-controllable and reflected without adequate filtering, an attacker can craft a malicious SSID payload that, when displayed by the router’s web interface, executes arbitrary JavaScript code in the context of the victim’s browser session. This type of vulnerability is classified under CWE-79. The attack vector is network-based (AV:N), requiring low attack complexity (AC:L), and low privileges (PR:L), with user interaction needed (UI:R). The scope is changed (S:C), meaning the vulnerability affects resources beyond the vulnerable component. The impact affects confidentiality and integrity partially (C:L/I:L), but does not affect availability (A:N). The vulnerability allows attackers to potentially steal session cookies, manipulate the router’s web interface, or perform actions on behalf of the legitimate user, leading to partial compromise of the device’s management. No patches or known exploits are currently available, and the vulnerability was published on January 15, 2026. The router model affected is a consumer-grade wireless mini router, commonly used in small office/home office (SOHO) environments.

For European organizations, especially small and medium enterprises (SMEs) and residential users relying on the Each Italy Wireless Mini Router WIRELESS-N 300M, this vulnerability poses a moderate risk. Exploitation could lead to unauthorized access to the router’s management interface, enabling attackers to steal sensitive configuration data or manipulate network settings. This could facilitate further attacks such as network traffic interception or redirection. While the vulnerability does not directly affect availability, the compromise of confidentiality and integrity can undermine network security and user privacy. In environments where these routers are used as part of critical infrastructure or in home offices connected to corporate networks, the risk is amplified. The requirement for low privileges and user interaction means attackers might leverage social engineering or insider threats. The absence of known exploits reduces immediate risk but also means organizations should proactively monitor and prepare for potential future attacks.

To mitigate CVE-2025-65349, organizations should first restrict access to the router’s web management interface by limiting it to trusted networks and using strong authentication mechanisms. Network segmentation can prevent unauthorized access from less secure network segments. Administrators should monitor router logs and network traffic for unusual activity indicative of exploitation attempts. Since no official patch is available, users should consider replacing vulnerable devices with updated models or firmware from trusted vendors. If possible, disable the repeater functionality or SSID broadcasting features that accept external input until a fix is released. Educate users about the risks of interacting with suspicious network devices or SSIDs. Implement web application firewalls (WAFs) or intrusion detection systems (IDS) that can detect and block XSS payloads targeting the router’s interface. Finally, maintain an inventory of network devices to quickly identify and isolate vulnerable hardware.