TOTOLINK A3002RU is an AC1200 wireless dual-band gigabit router. ddns.htm in TOTOLINK A3002R version 1.1.1-B20200824 is vulnerable to cross-site scripting. An attacker can modify the “domain” field, “server address” field, “username/email” or "password/key " field to execute arbitrary JavaScript.