CVE-2025-3995

CWE-79Cross-site Scripting (XSS)CWE-94Code Injection3 documents3 sources
Severity
4.8MEDIUM
EPSS
0.3%
top 42.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Totolink N150rtTotolink N150rt Firmware
Timeline
PublishedApr 28

Description

A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /boafrm/fromStaticDHCP of the component LAN Settings Page. The manipulation of the argument Hostname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5totolink/n150rt3.4.0-B20190525
NVDtotolink/n150rt_firmware3.4.0-b20190525

🔴Vulnerability Details

2
CVEList
TOTOLINK N150RT LAN Settings Page fromStaticDHCP cross site scripting2025-04-28
GHSA
GHSA-82h5-4q54-hmm8: A vulnerability was found in TOTOLINK N150RT 32025-04-28
CVE-2025-3995 (MEDIUM CVSS 4.8) | A vulnerability was found in TOTOLI | cvebase.io