PT-2025-23675 · Totolink · Totolink X2000R
Lcyf-Fizz · Published 2025-06-03 · Updated 2025-06-04 · CVE-2025-5542
CVSS v3.1: 4.8 (Medium)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
TOTOLINK X2000R version 1.0.0-B20230726.1108
Description
The issue is related to a cross-site scripting vulnerability in the Virtual Server Page of the TOTOLINK X2000R router. This vulnerability can be exploited remotely by manipulating the service type argument, allowing an attacker to conduct cross-site scripting attacks. The exploit for this issue has been disclosed publicly.
Recommendations
For TOTOLINK X2000R version 1.0.0-B20230726.1108, as a temporary workaround, consider restricting access to the Virtual Server Page or disabling the manipulation of the service type argument until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
XSS
Code Injection
Related Identifiers
Affected Products
Totolink X2000R