CVE-2025-3994

CWE-79Cross-site Scripting (XSS)CWE-94Code Injection4 documents4 sources
Severity
4.8MEDIUM
EPSS
0.6%
top 31.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Totolink N150rtTotolink N150rt Firmware
Timeline
PublishedApr 28
Latest updateMay 8

Description

A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. It has been classified as problematic. Affected is an unknown function of the file /home.htm of the component IP Port Filtering. The manipulation of the argument Comment leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5totolink/n150rt3.4.0-B20190525
NVDtotolink/n150rt_firmware3.4.0-b20190525

🔴Vulnerability Details

2
CVEList
TOTOLINK N150RT IP Port Filtering home.htm cross site scripting2025-04-28
GHSA
GHSA-wf2f-p7f8-m7p2: A vulnerability was found in TOTOLINK N150RT 32025-04-28

🔍Detection Rules

1
Suricata
ET WEB_SPECIFIC_APPS Totolink BufferOverflow Attempt formRoute metric Parameter Denial of Service Attempt2025-05-08
CVE-2025-3994 (MEDIUM CVSS 4.8) | A vulnerability was found in TOTOLI | cvebase.io