CVE-2025-4852

Sažetak

A vulnerability, which was classified as problematic, has been found in TOTOLINK A3002R 2.1.1-B20230720.1011. This issue affects some unknown processing of the component VPN Page. The manipulation of the argument Comment leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Reference

https://github.com/fizz-is-on-the-way/Iot_vuls/tree/main/A3002RU_V2/XSS_VPN
https://vuldb.com/?ctiid.309323
https://vuldb.com/?id.309323
https://vuldb.com/?submit.575099
https://www.totolink.net/
https://github.com/fizz-is-on-the-way/Iot_vuls/tree/main/A3002RU_V2/XSS_VPN

CVSS

Base:	3.3
Impact:	2.9
Exploitability:	6.4

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	MULTIPLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:M/C:N/I:P/A:N

Zadnje važnije ažuriranje

04-06-2025 - 20:10

Objavljeno

18-05-2025 - 04:15