CVE-2025-4460

A vulnerability classified as problematic has been found in TOTOLINK N150RT 3.4.0-B20190525. This affects an unknown part of the component URL Filtering Page. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Published: May 9, 2025
Updated: May 24, 2025
CVE: CVE-2025-4460
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.8
AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

CWEs:

CWE-94
CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
totolink / n150rt_firmware	3.4.0-b20190525	3.4.0-b20190525.x

https://github.com/fizz-is-on-the-way/Iot_vuls/tree/main/N150RT/XSS_Url_filering
https://vuldb.com/?ctiid.308079
https://vuldb.com/?id.308079
https://vuldb.com/?submit.565956
https://www.totolink.net/

Vulnerability Database

290,206

CVE-2025-4460