ID

VAR-202506-0407


CVE

CVE-2025-5543


TITLE

Cross-site scripting vulnerability in TOTOLINK x2000r firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-006467

DESCRIPTION

A vulnerability was found in TOTOLINK X2000R 1.0.0-B20230726.1108. It has been declared as problematic. The vulnerability affects an unknown functionality of the Parent Controls Page component. Manipulation of the Device Name argument leads to cross-site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The TOTOLINK x2000r firmware has a cross-site scripting vulnerability. Information may be obtained and information may be tampered with. TOTOLINK X2000R is a wireless router produced by China's TOTOLINK Electronics. No detailed vulnerability information is currently provided.

Trust: 2.16

sources: NVD: CVE-2025-5543 // JVNDB: JVNDB-2025-006467 // CNVD: CNVD-2025-12149

IOT TAXONOMY

category: ['Network device'] sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-12149

AFFECTED PRODUCTS

vendor: totolink model: x2000r scope: eq version: 1.0.0-b20230726.1108

Trust: 1.0

vendor: totolink model: x2000r scope: eq version: -

Trust: 0.8

vendor: totolink model: x2000r scope: - version: -

Trust: 0.8

vendor: totolink model: x2000r scope: eq version: x2000r firmware 1.0.0-b20230726.1108

Trust: 0.8

vendor: totolink model: x2000r 1.0.0-b20230726.1108 scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2025-12149 // JVNDB: JVNDB-2025-006467 // NVD: CVE-2025-5543

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-5543
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2025-5543
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2025-006467
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2025-12149
value: LOW

Trust: 0.6

cna@vuldb.com: CVE-2025-5543
severity: LOW
baseScore: 3.3
vectorString: AV:N/AC:L/AU:M/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-006467
severity: LOW
baseScore: 3.3
vectorString: AV:N/AC:L/AU:M/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2025-12149
severity: LOW
baseScore: 3.3
vectorString: AV:N/AC:L/AU:M/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2025-5543
baseSeverity: LOW
baseScore: 2.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 0.9
impactScore: 1.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-5543
baseSeverity: MEDIUM
baseScore: 4.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.7
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: JVNDB-2025-006467
baseSeverity: MEDIUM
baseScore: 4.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-12149 // JVNDB: JVNDB-2025-006467 // NVD: CVE-2025-5543 // NVD: CVE-2025-5543

PROBLEMTYPE DATA

problemtype: CWE-94

Trust: 1.0

problemtype: CWE-79

Trust: 1.0

problemtype: Cross-site scripting (CWE-79) [NVD evaluation]

Trust: 0.8

problemtype: Cross-site scripting (CWE-79) [others]

Trust: 0.8

problemtype: Code injection (CWE-94) [others]

Trust: 0.8

sources: JVNDB: JVNDB-2025-006467 // NVD: CVE-2025-5543

EXTERNAL IDS

db: NVD id: CVE-2025-5543

Trust: 3.2

db: VULDB id: 310993

Trust: 1.8

db: JVNDB id: JVNDB-2025-006467

Trust: 0.8

db: CNVD id: CNVD-2025-12149

Trust: 0.6

sources: CNVD: CNVD-2025-12149 // JVNDB: JVNDB-2025-006467 // NVD: CVE-2025-5543

REFERENCES

url:https://github.com/fizz-is-on-the-way/iot_vuls/tree/main/x2000r/xss_parent_control

Trust: 2.4

url:https://vuldb.com/?id.310993

Trust: 1.8

url:https://vuldb.com/?submit.585728

Trust: 1.8

url:https://www.totolink.net/

Trust: 1.8

url:https://vuldb.com/?ctiid.310993

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-5543

Trust: 0.8

sources: CNVD: CNVD-2025-12149 // JVNDB: JVNDB-2025-006467 // NVD: CVE-2025-5543

SOURCES

db: CNVD id: CNVD-2025-12149
db: JVNDB id: JVNDB-2025-006467
db: NVD id: CVE-2025-5543

LAST UPDATE DATE

2025-06-14T22:51:57.036000+00:00


SOURCES UPDATE DATE

db: CNVD id: CNVD-2025-12149 date: 2025-06-11T00:00:00
db: JVNDB id: JVNDB-2025-006467 date: 2025-06-09T02:57:00
db: NVD id: CVE-2025-5543 date: 2025-06-06T18:47:47.150

SOURCES RELEASE DATE

db: CNVD id: CNVD-2025-12149 date: 2025-06-11T00:00:00
db: JVNDB id: JVNDB-2025-006467 date: 2025-06-09T00:00:00
db: NVD id: CVE-2025-5543 date: 2025-06-03T23:15:20.953