CVE Details
Basic Information
| Title | TOTOLINK X2000R Parent Controls Page cross site scripting |
|---|---|
| Type | cve |
| Published | 2025-06-03T22:31:06.988Z |
| Last Seen |
Product Information
| Vendor | TOTOLINK |
|---|---|
| Product | X2000R |
| Version | 1.0.0-B20230726.1108 |
CVSS Information
| Base Score | 4.8 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | A cross-site scripting (XSS) vulnerability exists in the Parent Controls Page of TOTOLINK X2000R routers. This vulnerability allows remote attackers to inject malicious scripts via the Device Name argument, potentially leading to unauthorized actions. |
|---|---|
| AI Severity | Medium |
| Vendor | TOTOLINK |
| Product | X2000R |
| Affected Version | 1.0.0-B20230726.1108 |
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-79, CWE-94 |
| Bulletin Family | |
| Source Data | TOTOLINK X2000R 1.0.0-B20230726.1108 |
Source Information
| Source Data | TOTOLINK X2000R 1.0.0-B20230726.1108 |
|---|---|
| Source Link |
Description
A vulnerability was found in TOTOLINK X2000R 1.0.0-B20230726.1108. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Parent Controls Page. The manipulation of the argument Device Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS Score Summary
Base Score: 4.8 (MEDIUM)