CVE-2025-5505
TOTOLINK A3002RU Virtual Server Page formPortFw cross site scripting
We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
TOTOLINK A3002RU Virtual Server Page formPortFw cross site scripting
A vulnerability was found in TOTOLINK A3002RU 2.1.1-B20230720.1011 and classified as problematic. This issue affects some unknown processing of the file /boafrm/formPortFw of the component Virtual Server Page. The manipulation of the argument service_type leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Eine problematische Schwachstelle wurde in TOTOLINK A3002RU 2.1.1-B20230720.1011 gefunden. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei /boafrm/formPortFw der Komponente Virtual Server Page. Durch Manipulation des Arguments service_type mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.
| 2025-06-03: | Advisory disclosed |
| 2025-06-03: | VulDB entry created |
| 2025-06-03: | VulDB entry last update |
lcyf-fizz (VulDB User)
vuldb.com/?id.310919 (VDB-310919 | TOTOLINK A3002RU Virtual Server Page formPortFw cross site scripting)
vuldb.com/?ctiid.310919 (VDB-310919 | CTI Indicators (IOB, IOC, TTP, IOA))
vuldb.com/?submit.584662 (Submit #584662 | TOTOLINK A3002RU_V2 V2.1.1-B20230720.1011 Cross Site Scripting)
github.com/...t_vuls/tree/main/A3002RU_V2/XSS_virtual_server
www.totolink.net/
Support options
