ID

VAR-202506-0048


CVE

CVE-2025-5507


TITLE

TOTOLINK A3002RU MAC Filtering Page component cross-site scripting vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-12123

DESCRIPTION

A vulnerability was found in TOTOLINK A3002RU 2.1.1-B20230720.1011. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component MAC Filtering Page. The manipulation of the argument Comment leads to cross-site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK A3002RU is a wireless router product of China's TOTOLINK Electronics. No detailed vulnerability details are currently provided.

Trust: 1.44

sources: NVD: CVE-2025-5507 // CNVD: CNVD-2025-12123

IOT TAXONOMY

category: ['Network device'] | sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-12123

AFFECTED PRODUCTS

vendor: totolink | model: a3002ru 2.1.1-b20230720.1011 | scope: - | version: -

Trust: 0.6

sources: CNVD: CNVD-2025-12123

CVSS

SEVERITY

cna@vuldb.com: CVE-2025-5507
value: MEDIUM

Trust: 1.0

CNVD: CNVD-2025-12123
value: LOW

Trust: 0.6

CVSSV2

cna@vuldb.com: CVE-2025-5507
severity: LOW
baseScore: 3.3
vectorString: AV:N/AC:L/AU:M/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2025-12123
severity: LOW
baseScore: 3.3
vectorString: AV:N/AC:L/AU:M/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

cna@vuldb.com: CVE-2025-5507
baseSeverity: LOW
baseScore: 2.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 0.9
impactScore: 1.4
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2025-12123 // NVD: CVE-2025-5507

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.0

problemtype: CWE-94

Trust: 1.0

sources: NVD: CVE-2025-5507

EXTERNAL IDS

db: NVD | id: CVE-2025-5507

Trust: 1.6

db: VULDB | id: 310921

Trust: 1.0

db: CNVD | id: CNVD-2025-12123

Trust: 0.6

sources: CNVD: CNVD-2025-12123 // NVD: CVE-2025-5507

REFERENCES

url: https://github.com/fizz-is-on-the-way/iot_vuls/tree/main/a3002ru_v2/xss_mac_filtering

Trust: 1.6

url: https://www.totolink.net/

Trust: 1.0

url: https://vuldb.com/?ctiid.310921

Trust: 1.0

url: https://vuldb.com/?submit.584664

Trust: 1.0

url: https://vuldb.com/?id.310921

Trust: 1.0

sources: CNVD: CNVD-2025-12123 // NVD: CVE-2025-5507

SOURCES

db: CNVD | id: CNVD-2025-12123
db: NVD | id: CVE-2025-5507

LAST UPDATE DATE

2025-06-14T23:04:17.890000+00:00


SOURCES UPDATE DATE

db: CNVD | id: CNVD-2025-12123 | date: 2025-06-11T00:00:00
db: NVD | id: CVE-2025-5507 | date: 2025-06-04T14:54:33.783

SOURCES RELEASE DATE

db: CNVD | id: CNVD-2025-12123 | date: 2025-06-11T00:00:00
db: NVD | id: CVE-2025-5507 | date: 2025-06-03T16:15:26.423