CVE-2025-3996

Published Apr 28, 2025

Last updated a month ago

CVSS medium 4.8

Overview

Description
A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /home.htm of the component MAC Filtering Page. The manipulation of the argument Comment leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Source
cna@vuldb.com
NVD status
Analyzed

Risk scores

CVSS 4.0

Type
Secondary
Base score
4.8
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
MEDIUM

CVSS 3.1

Type
Primary
Base score
4.8
Impact score
2.7
Exploitability score
1.7
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Severity
MEDIUM

CVSS 2.0

Type
Secondary
Base score
3.3
Impact score
2.9
Exploitability score
6.4
Vector string
AV:N/AC:L/Au:M/C:N/I:P/A:N

Weaknesses

cna@vuldb.com
CWE-79

Social media

Hype score
Not currently trending

  1. CVE-2025-3996 Cross-Site Scripting in TOTOLINK N150RT Router via MAC Filtering Comment Parameter https://t.co/WwQg70rJ5x

    @VulmonFeeds

    28 Apr 2025

    35 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2025-3996 A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /home.h… https://t.co/TMG03oeXc8

    @CVEnew

    28 Apr 2025

    686 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

References

Sources include official advisories and independent security research.