CVE-2025-5543

A vulnerability was found in TOTOLINK X2000R 1.0.0-B20230726.1108. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Parent Controls Page. The manipulation of the argument Device Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:totolink:x2000r_firmware:1.0.0-b20230726.1108:*:*:*:*:*:*:*
cpe:2.3:h:totolink:x2000r:-:*:*:*:*:*:*:*

History

06 Jun 2025, 18:47

Type Values Removed Values Added
References () https://github.com/fizz-is-on-the-way/Iot_vuls/tree/main/X2000R/XSS_parent_control - () https://github.com/fizz-is-on-the-way/Iot_vuls/tree/main/X2000R/XSS_parent_control - Exploit
References () https://vuldb.com/?ctiid.310993 - () https://vuldb.com/?ctiid.310993 - Permissions Required, Vendor Advisory
References () https://vuldb.com/?id.310993 - () https://vuldb.com/?id.310993 - Third Party Advisory, Vendor Advisory
References () https://vuldb.com/?submit.585728 - () https://vuldb.com/?submit.585728 - Third Party Advisory, Vendor Advisory
References () https://www.totolink.net/ - () https://www.totolink.net/ - Product
First Time Totolink x2000r
Totolink
Totolink x2000r Firmware
CPE cpe:2.3:h:totolink:x2000r:-:*:*:*:*:*:*:*
cpe:2.3:o:totolink:x2000r_firmware:1.0.0-b20230726.1108:*:*:*:*:*:*:*

04 Jun 2025, 14:15

Type Values Removed Values Added
Summary
  • (es) Se encontró una vulnerabilidad en TOTOLINK X2000R 1.0.0-B20230726.1108. Se ha declarado problemática. Esta vulnerabilidad afecta a una funcionalidad desconocida del componente Parent Controls Page. La manipulación del argumento "Device Name" provoca ataques de cross site scripting. El ataque puede ejecutarse en remoto. Se ha hecho público el exploit y puede que sea utilizado.
References () https://github.com/fizz-is-on-the-way/Iot_vuls/tree/main/X2000R/XSS_parent_control - () https://github.com/fizz-is-on-the-way/Iot_vuls/tree/main/X2000R/XSS_parent_control -

03 Jun 2025, 23:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-06-03 23:15

Updated : 2025-06-06 18:47


NVD link : CVE-2025-5543

Mitre link : CVE-2025-5543

CVE.ORG link : CVE-2025-5543


JSON object : View

Products Affected

totolink

  • x2000r_firmware
  • x2000r
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-94

Improper Control of Generation of Code ('Code Injection')