Primary

Context

TOTOLINK N150RT Cross-Site Scripting Vulnerability in URL Filtering Page

Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in the TOTOLINK N150RT router, specifically in the firmware version 3.4.0-B20190525. The issue arises on the URL Filtering Page within the Firewall settings, where user input is not properly sanitized, allowing for the injection of malicious scripts. This vulnerability can be exploited remotely, and has been publicly disclosed.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user visiting the affected page.

Reproduction

To reproduce this vulnerability, navigate to the URL Filtering option under the Firewall page in the router's settings. Enable the URL Filtering feature and enter a payload, such as a SVG image tag with an onload event, into the URL Address input box. After applying the changes, the injected JavaScript will execute, demonstrating the cross-site scripting vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

1.7

exploitability

5.5

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

1.7

exploitability

5.5

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

TOTOLINK N150RT Cross-Site Scripting Vulnerability in URL Filtering Page

Vulnerability

Impact

Reproduction

Affected Products

TOTOLINK N150RT

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating