CVE-2025-4461

CWE-79Cross-site Scripting (XSS)CWE-94Code Injection3 documents3 sources
Severity
4.8MEDIUM
EPSS
0.1%
top 67.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Totolink N150rtTotolink N150rt Firmware
Timeline
PublishedMay 9

Description

A vulnerability classified as problematic was found in TOTOLINK N150RT 3.4.0-B20190525. This vulnerability affects unknown code of the component Virtual Server Page. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5totolink/n150rt3.4.0-B20190525
NVDtotolink/n150rt_firmware3.4.0-b20190525

🔴Vulnerability Details

2
CVEList
TOTOLINK N150RT Virtual Server Page cross site scripting2025-05-09
GHSA
GHSA-vvw8-h7mx-m7jj: A vulnerability classified as problematic was found in TOTOLINK N150RT 32025-05-09
CVE-2025-4461 (MEDIUM CVSS 4.8) | A vulnerability classified as probl | cvebase.io