Description

A vulnerability was found in TOTOLINK A3002RU 2.1.1-B20230720.1011. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component MAC Filtering Page. The manipulation of the argument Comment leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. In TOTOLINK A3002RU 2.1.1-B20230720.1011 wurde eine problematische Schwachstelle ausgemacht. Das betrifft eine unbekannte Funktionalität der Komponente MAC Filtering Page. Mittels Manipulieren des Arguments Comment mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung.

Classification

CVE ID: CVE-2025-5507

CVSS Base Severity: LOW

CVSS Base Score: 2.4

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

Affected Products

Vendor: TOTOLINK

Product: A3002RU

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.09% (probability of being exploited)

EPSS Percentile: 25.98% (scored less or equal to compared to others)

EPSS Date: 2025-06-04 (when was this score calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: poc

SSVC Technical Impact: partial

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2025-5507
https://vuldb.com/?id.310921
https://vuldb.com/?ctiid.310921
https://vuldb.com/?submit.584664
https://github.com/fizz-is-on-the-way/Iot_vuls/tree/main/A3002RU_V2/XSS_Mac_filtering
https://www.totolink.net/

Timeline