ID

VAR-202506-0042


CVE

CVE-2025-5508


TITLE

Cross-site scripting vulnerability in TOTOLINK A3002RU firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-006468

DESCRIPTION

A vulnerability was found in TOTOLINK A3002RU 2.1.1-B20230720.1011. It has been rated as problematic. Affected by this issue is some unknown functionality of the component IP Port Filtering Page. The manipulation of the argument Comment leads to cross-site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK A3002RU firmware has a cross-site scripting vulnerability. Information may be tampered with. TOTOLINK A3002RU is a wireless router product of China's TOTOLINK Electronics. No detailed vulnerability information is currently provided.

Trust: 2.16

sources: NVD: CVE-2025-5508 // JVNDB: JVNDB-2025-006468 // CNVD: CNVD-2025-12122

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-12122

AFFECTED PRODUCTS

vendor: totolink, model: a3002ru, scope: eq, version: 2.1.1-b20230720.1011

Trust: 1.0

vendor: totolink, model: a3002ru, scope: eq, version: -

Trust: 0.8

vendor: totolink, model: a3002ru, scope: -, version: -

Trust: 0.8

vendor: totolink, model: a3002ru, scope: eq, version: a3002ru firmware 2.1.1-b20230720.1011

Trust: 0.8

vendor: totolink, model: a3002ru 2.1.1-b20230720.1011, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2025-12122 // JVNDB: JVNDB-2025-006468 // NVD: CVE-2025-5508

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-5508
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2025-5508
value: LOW

Trust: 1.0

OTHER: JVNDB-2025-006468
value: LOW

Trust: 0.8

CNVD: CNVD-2025-12122
value: LOW

Trust: 0.6

cna@vuldb.com: CVE-2025-5508
severity: LOW
baseScore: 3.3
vectorString: AV:N/AC:L/AU:M/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-006468
severity: LOW
baseScore: 3.3
vectorString: AV:N/AC:L/AU:M/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2025-12122
severity: LOW
baseScore: 3.3
vectorString: AV:N/AC:L/AU:M/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2025-5508
baseSeverity: LOW
baseScore: 2.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 0.9
impactScore: 1.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-5508
baseSeverity: LOW
baseScore: 3.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.7
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: JVNDB-2025-006468
baseSeverity: LOW
baseScore: 3.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-12122 // JVNDB: JVNDB-2025-006468 // NVD: CVE-2025-5508 // NVD: CVE-2025-5508

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.0

problemtype: CWE-94

Trust: 1.0

problemtype: Cross-site scripting (CWE-79) [NVD evaluation]

Trust: 0.8

problemtype: Cross-site scripting (CWE-79) [others]

Trust: 0.8

problemtype: Code injection (CWE-94) [others]

Trust: 0.8

sources: JVNDB: JVNDB-2025-006468 // NVD: CVE-2025-5508

EXTERNAL IDS

db: NVD, id: CVE-2025-5508

Trust: 3.2

db: VULDB, id: 310922

Trust: 1.8

db: JVNDB, id: JVNDB-2025-006468

Trust: 0.8

db: CNVD, id: CNVD-2025-12122

Trust: 0.6

sources: CNVD: CNVD-2025-12122 // JVNDB: JVNDB-2025-006468 // NVD: CVE-2025-5508

REFERENCES

url:https://github.com/fizz-is-on-the-way/iot_vuls/tree/main/a3002ru_v2/xss_ip_port_filtering

Trust: 2.4

url:https://vuldb.com/?id.310922

Trust: 1.8

url:https://vuldb.com/?submit.584671

Trust: 1.8

url:https://www.totolink.net/

Trust: 1.8

url:https://vuldb.com/?ctiid.310922

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-5508

Trust: 0.8

sources: CNVD: CNVD-2025-12122 // JVNDB: JVNDB-2025-006468 // NVD: CVE-2025-5508

SOURCES

db: CNVD, id: CNVD-2025-12122
db: JVNDB, id: JVNDB-2025-006468
db: NVD, id: CVE-2025-5508

LAST UPDATE DATE

2025-06-14T23:09:41.183000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-12122, date: 2025-06-11T00:00:00
db: JVNDB, id: JVNDB-2025-006468, date: 2025-06-09T02:57:00
db: NVD, id: CVE-2025-5508, date: 2025-06-06T15:14:29.550

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-12122, date: 2025-06-11T00:00:00
db: JVNDB, id: JVNDB-2025-006468, date: 2025-06-09T00:00:00
db: NVD, id: CVE-2025-5508, date: 2025-06-03T16:15:26.627