ID

VAR-202506-0055


CVE

CVE-2025-5506


TITLE

TOTOLINK A3002RU NAT Mapping Page component cross-site scripting vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-12124

DESCRIPTION

A vulnerability was found in TOTOLINK A3002RU 2.1.1-B20230720.1011. It has been classified as problematic. Affected is an unknown function of the component NAT Mapping Page. The manipulation of the argument Comment leads to cross-site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK A3002RU is a wireless router product of China's Jiong Electronics (TOTOLINK) Company. No detailed vulnerability information is currently provided.

Trust: 1.44

sources: NVD: CVE-2025-5506 // CNVD: CNVD-2025-12124

IOT TAXONOMY

category: ['Network device'] sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-12124

AFFECTED PRODUCTS

vendor: totolink model: a3002ru 2.1.1-b20230720.1011 scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2025-12124

CVSS

SEVERITY

cna@vuldb.com: CVE-2025-5506
value: MEDIUM

Trust: 1.0

CNVD: CNVD-2025-12124
value: LOW

Trust: 0.6

CVSSV2

cna@vuldb.com: CVE-2025-5506
severity: LOW
baseScore: 3.3
vectorString: AV:N/AC:L/AU:M/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2025-12124
severity: LOW
baseScore: 3.3
vectorString: AV:N/AC:L/AU:M/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

cna@vuldb.com: CVE-2025-5506
baseSeverity: LOW
baseScore: 2.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 0.9
impactScore: 1.4
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2025-12124 // NVD: CVE-2025-5506

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.0

problemtype:CWE-94

Trust: 1.0

sources: NVD: CVE-2025-5506

EXTERNAL IDS

db: NVD id: CVE-2025-5506

Trust: 1.6

db: VULDB id: 310920

Trust: 1.0

db: CNVD id: CNVD-2025-12124

Trust: 0.6

sources: CNVD: CNVD-2025-12124 // NVD: CVE-2025-5506

REFERENCES

url:https://github.com/fizz-is-on-the-way/iot_vuls/tree/main/a3002ru_v2/xss_nat_mapping

Trust: 1.6

url:https://vuldb.com/?ctiid.310920

Trust: 1.0

url:https://www.totolink.net/

Trust: 1.0

url:https://vuldb.com/?submit.584663

Trust: 1.0

url:https://vuldb.com/?id.310920

Trust: 1.0

sources: CNVD: CNVD-2025-12124 // NVD: CVE-2025-5506

SOURCES

db: CNVD id: CNVD-2025-12124
db: NVD id: CVE-2025-5506

LAST UPDATE DATE

2025-06-14T23:09:13.181000+00:00


SOURCES UPDATE DATE

db: CNVD id: CNVD-2025-12124 date: 2025-06-11T00:00:00
db: NVD id: CVE-2025-5506 date: 2025-06-04T14:54:33.783

SOURCES RELEASE DATE

db: CNVD id: CNVD-2025-12124 date: 2025-06-11T00:00:00
db: NVD id: CVE-2025-5506 date: 2025-06-03T15:16:00.897