CVE-2025-5543: TOTOLINK X2000R Parent Controls Page cross site scripting

2.4 CVSS

Description

A vulnerability was found in TOTOLINK X2000R 1.0.0-B20230726.1108. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Parent Controls Page. The manipulation of the argument Device Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. In TOTOLINK X2000R 1.0.0-B20230726.1108 wurde eine problematische Schwachstelle ausgemacht. Dabei geht es um eine nicht genauer bekannte Funktion der Komponente Parent Controls Page. Dank Manipulation des Arguments Device Name mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.

Classification

CVE ID: CVE-2025-5543

CVSS Base Severity: LOW

CVSS Base Score: 2.4

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

Problem Types

Cross Site Scripting Code Injection

Affected Products

Vendor: TOTOLINK

Product: X2000R

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.09% (probability of being exploited)

EPSS Percentile: 25.99% (scored less or equal to compared to others)

EPSS Date: 2025-06-05 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-5543
https://vuldb.com/?id.310993
https://vuldb.com/?ctiid.310993
https://vuldb.com/?submit.585728
https://github.com/fizz-is-on-the-way/Iot_vuls/tree/main/X2000R/XSS_parent_control
https://www.totolink.net/

Timeline

2025-06-03 23:40:19 UTC
CVE

TOTOLINK X2000R Parent Controls Page cross site scripting