CVE-2025-5505

🗓️ 03 Jun 2025 15:00:20Reported by VulDBType

cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 45 Views🌐 WEB

Vulnerability CVE-2025-5505 in TOTOLINK A3002RU allows cross site scripting exploitation remotely.

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2025-5505	3 Jun 202516:37	–	circl
CNNVD	TOTOLINK A3002RU 代码注入漏洞	3 Jun 202500:00	–	cnnvd
CNVD	TOTOLINK A3002RU Virtual Server Page Component Cross-Site Scripting Vulnerability	11 Jun 202500:00	–	cnvd
Cvelist	CVE-2025-5505 TOTOLINK A3002RU Virtual Server Page formPortFw cross site scripting	3 Jun 202515:00	–	cvelist
EUVD	EUVD-2025-16739	3 Oct 202520:07	–	euvd
NVD	CVE-2025-5505	3 Jun 202515:16	–	nvd
OSV	CVE-2025-5505	3 Jun 202515:16	–	osv
Positive Technologies	PT-2025-23632 · Totolink · Totolink A3002Ru	26 May 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-5505	5 Jun 202515:26	–	redhatcve
Vulnrichment	CVE-2025-5505 TOTOLINK A3002RU Virtual Server Page formPortFw cross site scripting	3 Jun 202515:00	–	vulnrichment

NVD

Node

totolink a3002ru_firmwareMatch2.1.1-b20230720.1011

AND

totolink a3002ruMatch-

[
  {
    "vendor": "TOTOLINK",
    "product": "A3002RU",
    "versions": [
      {
        "version": "2.1.1-B20230720.1011",
        "status": "affected"
      }
    ],
    "modules": [
      "Virtual Server Page"
    ]
  }
]

Source	Link
totolink	www.totolink.net/
vuldb	www.vuldb.com/
github	www.github.com/fizz-is-on-the-way/Iot_vuls/tree/main/A3002RU_V2/XSS_virtual_server
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/

Parameter	Position	Path	Description	CWE
service_type	query param	/boafrm/formPortFw	Cross-site scripting vulnerability in TOTOLINK A3002RU 2.1.1-B20230720.1011: manipulation of the service_type parameter in /boafrm/formPortFw leads to XSS.	CWE-79, CWE-94

17 Jun 2025 20:40Current

6.1Medium risk

Vulners AI Score6.1

CVSS 3.12.4

CVSS 23.3

CVSS 44.8

CVSS 32.4

EPSS0.00351

SSVC