CVE-2025-5543

TOTOLINK X2000R Parent Controls Page cross site scripting

CVSS 4.8 MEDIUMEPSS 0.3%CWE-79 CWE-94

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 4.8EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

03 Jun 2025Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A vulnerability was found in TOTOLINK X2000R 1.0.0-B20230726.1108. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Parent Controls Page. The manipulation of the argument Device Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected products

TOTOLINK · X2000R

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/fizz-is-on-the-way/Iot_vuls/tree/main/X2000R/XSS_parent_control https://vuldb.com/?ctiid.310993 https://vuldb.com/?id.310993 https://vuldb.com/?submit.585728 https://www.totolink.net/