This page lists publicly disclosed CVE vulnerabilities affecting hitrontech hi3120_firmware (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-63354 | Hitron HI3120 v7.2.4.5.2b1 allows stored XSS via the Parental Control option when creating a new filter. The device fails to properly handle inputs, allowing an attacker to inject and execute JavaScript. | [email protected] | 4.8 | 0.15% | 2026-02-09 | 2026-06-17 |
| CVE-2025-66963 | An issue in Hitron HI3120 v.7.2.4.5.2b1 allows a local attacker to obtain sensitive information via the Logout option in the index.html | [email protected] | 5.5 | 0.11% | 2025-12-15 | 2026-06-17 |