{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-3996","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2025-04-26T08:16:04.603Z","datePublished":"2025-04-28T02:00:08.263Z","dateUpdated":"2025-04-28T18:19:12.000Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2025-04-28T02:00:08.263Z"},"title":"TOTOLINK N150RT MAC Filtering Page home.htm cross site scripting","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-79","lang":"en","description":"Cross Site Scripting"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-94","lang":"en","description":"Code Injection"}]}],"affected":[{"vendor":"TOTOLINK","product":"N150RT","versions":[{"version":"3.4.0-B20190525","status":"affected"}],"modules":["MAC Filtering Page"]}],"descriptions":[{"lang":"en","value":"A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /home.htm of the component MAC Filtering Page. The manipulation of the argument Comment leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."},{"lang":"de","value":"Eine problematische Schwachstelle wurde in TOTOLINK N150RT 3.4.0-B20190525 ausgemacht. Dies betrifft einen unbekannten Teil der Datei /home.htm der Komponente MAC Filtering Page. Durch Manipulation des Arguments Comment mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":4.8,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":2.4,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N","baseSeverity":"LOW"}},{"cvssV3_0":{"version":"3.0","baseScore":2.4,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N","baseSeverity":"LOW"}},{"cvssV2_0":{"version":"2.0","baseScore":3.3,"vectorString":"AV:N/AC:L/Au:M/C:N/I:P/A:N"}}],"timeline":[{"time":"2025-04-26T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2025-04-26T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2025-04-26T10:21:26.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"lcyf-fizz (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.306332","name":"VDB-306332 | TOTOLINK N150RT MAC Filtering Page home.htm cross site scripting","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.306332","name":"VDB-306332 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.557947","name":"Submit #557947 | TOTOLINK N150RT V3.4.0-B20190525 Cross Site Scripting","tags":["third-party-advisory"]},{"url":"https://github.com/fizz-is-on-the-way/Iot_vuls/tree/main/N150RT/XSS_MAC_filering","tags":["exploit"]},{"url":"https://www.totolink.net/","tags":["product"]}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-04-28T18:14:10.500303Z","id":"CVE-2025-3996","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-04-28T18:19:12.000Z"}}]}}