cbcvebase.

Fanvil X210 Firmware vulnerabilities

6 known vulnerabilities affecting fanvil/x210_firmware.

Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH2MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2025-64055P2CRITICALCVSS 9.8v2.12.202025-12-03
CVE-2025-64055 [CRITICAL] CWE-287 CVE-2025-64055: An issue was discovered in Fanvil x210 V2 2.12.20 allowing unauthenticated attackers on the local ne An issue was discovered in Fanvil x210 V2 2.12.20 allowing unauthenticated attackers on the local network to access administrative functions of the device (e.g. file upload, firmware update, reboot...) via a crafted authentication bypass.
nvd
CVE-2025-64057P3HIGHCVSS 8.3v2.12.202025-12-05
CVE-2025-64057 [HIGH] CWE-22 CVE-2025-64057: Directory traversal vulnerability in Fanvil x210 V2 2.12.20 allows unauthenticated attackers on the Directory traversal vulnerability in Fanvil x210 V2 2.12.20 allows unauthenticated attackers on the local network to store files in arbitrary locations and potentially modify the system configuration or other unspecified impacts.
nvd
CVE-2025-64053P3HIGHCVSS 7.5v2.12.202025-12-05
CVE-2025-64053 [HIGH] CWE-120 CVE-2025-64053: A Buffer overflow vulnerability on Fanvil x210 2.12.20 devices allows attackers to cause a denial of A Buffer overflow vulnerability on Fanvil x210 2.12.20 devices allows attackers to cause a denial of service or potentially execute arbitrary commands via crafted POST request to the /cgi-bin/webconfig?page=upload&action=submit endpoint.
nvd
CVE-2025-64054P3CRITICALCVSS 9.6v2.12.202025-12-05
CVE-2025-64054 [CRITICAL] CWE-79 CVE-2025-64054: A reflected Cross Site Scripting (XSS) vulnerability on Fanvil x210 2.12.20 devices allows attackers A reflected Cross Site Scripting (XSS) vulnerability on Fanvil x210 2.12.20 devices allows attackers to cause a denial of service or potentially execute arbitrary commands via crafted POST request to the /cgi-bin/webconfig?page=upload&action=submit endpoint.
nvd
CVE-2025-64052P3MEDIUMCVSS 5.1v2.12.202025-12-05
CVE-2025-64052 [MEDIUM] CWE-77 CVE-2025-64052: An issue was discovered in Fanvil x210 V2 2.12.20 allowing unauthenticated attackers on the local ne An issue was discovered in Fanvil x210 V2 2.12.20 allowing unauthenticated attackers on the local network to execute arbitrary system commands.
nvd
CVE-2025-64056P4MEDIUMCVSS 4.3v2.12.202025-12-05
CVE-2025-64056 [MEDIUM] CWE-306 CVE-2025-64056: File upload vulnerability in Fanvil x210 V2 2.12.20 allows unauthenticated attackers on the local ne File upload vulnerability in Fanvil x210 V2 2.12.20 allows unauthenticated attackers on the local network to store arbitrary files on the filesystem.
nvd
Fanvil X210 Firmware vulnerabilities | cvebase