CVE-2025-4461 Information

Description

A vulnerability classified as problematic was found in TOTOLINK N150RT 3.4.0-B20190525. This vulnerability affects unknown code of the component Virtual Server Page. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

Reference

https://github.com/fizz-is-on-the-way/Iot_vuls/tree/main/N150RT/XSS_Virtual_Server https://vuldb.com/?ctiid.308080 https://vuldb.com/?id.308080 https://vuldb.com/?submit.565957 https://www.totolink.net/

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction Required

HIGH

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

LOW

Base Score

NONE

Base Severity

2.4