VYPR
Unrated severityNVD Advisory· Published May 18, 2025· Updated May 19, 2025

TOTOLINK A3002R VPN Page cross site scripting

CVE-2025-4852

Description

A vulnerability, which was classified as problematic, has been found in TOTOLINK A3002R 2.1.1-B20230720.1011. This issue affects some unknown processing of the component VPN Page. The manipulation of the argument Comment leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Affected products

2
  • Totolink/A3002RUllm-fuzzy2 versions
    2.1.1-B20230720.1011+ 1 more
    • (no CPE)range: 2.1.1-B20230720.1011
    • (no CPE)range: 2.1.1-B20230720.1011

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.