CVE-2025-5543

Name of the Vulnerable Software and Affected Versions TOTOLINK X2000R version 1.0.0-B20230726.1108

Description A vulnerability was found in the Parent Controls Page component of the affected software. The issue arises from the manipulation of the Device Name argument, leading to cross-site scripting. This can be exploited remotely.

Recommendations For TOTOLINK X2000R version 1.0.0-B20230726.1108, as a temporary workaround, consider restricting access to the Parent Controls Page until a patch is available. Avoid using the Device Name argument in the affected component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.