CVE-2025-5508

Name of the Vulnerable Software and Affected Versions TOTOLINK A3002RU version 2.1.1-B20230720.1011

Description The issue is related to the IP/Port Filtering module of the TOTOLINK A3002RU router's firmware, where the Comment parameter is not properly protected, leading to cross-site scripting (XSS) attacks. This can be exploited remotely. The vendor was contacted about the disclosure but did not respond.

Recommendations As a temporary workaround, consider disabling the IP Port Filtering Page until a patch is available. Restrict access to the IP Port Filtering Page to minimize the risk of exploitation. Avoid using the Comment argument in the affected page until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.