CVE-2025-5506

Name of the Vulnerable Software and Affected Versions TOTOLINK A3002RU version 2.1.1-B20230720.1011

Description A vulnerability was found in the NAT Mapping Page component of the affected software. The issue is related to the manipulation of the Comment argument, which leads to cross-site scripting. This can be exploited remotely. The vendor was contacted about the disclosure but did not respond.

Recommendations For TOTOLINK A3002RU version 2.1.1-B20230720.1011, as a temporary workaround, consider restricting access to the NAT Mapping Page or disabling the manipulation of the Comment argument until a patch is available. Avoid using the Comment parameter in the affected page to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.