ID

VAR-202504-3292


CVE

CVE-2025-3995


TITLE

Cross-site scripting vulnerability in TOTOLINK N150RT firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-004829

DESCRIPTION

A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525 and has been declared as problematic. It affects an unknown functionality of the file /boafrm/fromStaticDHCP in the LAN Settings Page component. Manipulating the argument Hostname leads to cross-site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The TOTOLINK N150RT firmware contains cross-site scripting and code injection vulnerabilities; information may be tampered with. TOTOLINK N150RT is a wireless router from China's TOTOLINK Electronics. Version 3.4.0-B20190525 of the TOTOLINK N150RT contains a cross-site scripting vulnerability that attackers can exploit to execute arbitrary web scripts or HTML by injecting carefully crafted payloads.

Trust: 2.16

sources: NVD: CVE-2025-3995 // JVNDB: JVNDB-2025-004829 // CNVD: CNVD-2025-09850

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-09850

AFFECTED PRODUCTS

vendor: totolink, model: n150rt, scope: eq, version: 3.4.0-b20190525

Trust: 1.0

vendor: totolink, model: n150rt, scope: eq, version: -

Trust: 0.8

vendor: totolink, model: n150rt, scope: -, version: -

Trust: 0.8

vendor: totolink, model: n150rt, scope: eq, version: n150rt firmware 3.4.0-b20190525

Trust: 0.8

vendor: totolink, model: n150rt 3.4.0-b20190525, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2025-09850 // JVNDB: JVNDB-2025-004829 // NVD: CVE-2025-3995

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-3995
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2025-3995
value: LOW

Trust: 1.0

OTHER: JVNDB-2025-004829
value: LOW

Trust: 0.8

CNVD: CNVD-2025-09850
value: LOW

Trust: 0.6

cna@vuldb.com: CVE-2025-3995
severity: LOW
baseScore: 3.3
vectorString: AV:N/AC:L/AU:M/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-004829
severity: LOW
baseScore: 3.3
vectorString: AV:N/AC:L/AU:M/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2025-09850
severity: LOW
baseScore: 3.3
vectorString: AV:N/AC:L/AU:M/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2025-3995
baseSeverity: LOW
baseScore: 2.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 0.9
impactScore: 1.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-3995
baseSeverity: LOW
baseScore: 3.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.7
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: JVNDB-2025-004829
baseSeverity: LOW
baseScore: 3.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-09850 // JVNDB: JVNDB-2025-004829 // NVD: CVE-2025-3995 // NVD: CVE-2025-3995

PROBLEMTYPE DATA

problemtype: CWE-94

Trust: 1.0

problemtype: CWE-79

Trust: 1.0

problemtype: Cross-site scripting (CWE-79) [NVD evaluation]

Trust: 0.8

problemtype: Cross-site scripting (CWE-79) [others]

Trust: 0.8

problemtype: Code injection (CWE-94) [others]

Trust: 0.8

sources: JVNDB: JVNDB-2025-004829 // NVD: CVE-2025-3995

PATCH

title: Patch for TOTOLINK N150RT LAN Settings Page component cross-site scripting vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/687801

Trust: 0.6

sources: CNVD: CNVD-2025-09850

EXTERNAL IDS

db: NVD, id: CVE-2025-3995

Trust: 3.2

db: VULDB, id: 306331

Trust: 1.8

db: JVNDB, id: JVNDB-2025-004829

Trust: 0.8

db: CNVD, id: CNVD-2025-09850

Trust: 0.6

sources: CNVD: CNVD-2025-09850 // JVNDB: JVNDB-2025-004829 // NVD: CVE-2025-3995

REFERENCES

url: https://github.com/fizz-is-on-the-way/iot_vuls/tree/main/n150rt/xss_lan_settings

Trust: 2.4

url: https://vuldb.com/?id.306331

Trust: 1.8

url: https://vuldb.com/?submit.557946

Trust: 1.8

url: https://www.totolink.net/

Trust: 1.8

url: https://vuldb.com/?ctiid.306331

Trust: 1.0

url: https://nvd.nist.gov/vuln/detail/cve-2025-3995

Trust: 0.8

sources: CNVD: CNVD-2025-09850 // JVNDB: JVNDB-2025-004829 // NVD: CVE-2025-3995

SOURCES

db: CNVD, id: CNVD-2025-09850
db: JVNDB, id: JVNDB-2025-004829
db: NVD, id: CVE-2025-3995

LAST UPDATE DATE

2025-05-17T03:54:02.563000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-09850, date: 2025-05-15T00:00:00
db: JVNDB, id: JVNDB-2025-004829, date: 2025-05-13T12:49:00
db: NVD, id: CVE-2025-3995, date: 2025-05-12T19:30:44.143

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-09850, date: 2025-05-13T00:00:00
db: JVNDB, id: JVNDB-2025-004829, date: 2025-05-13T00:00:00
db: NVD, id: CVE-2025-3995, date: 2025-04-28T02:15:14.510