Primary

Context

TOTOLINK A3002R Cross-Site Scripting Vulnerability in VPN Page Component

Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in the TOTOLINK A3002R router, specifically in the VPN page of the firmware version 2.1.1-B20230720.1011. This vulnerability allows for the injection of malicious scripts through the 'Comment' argument, which are then executed in the context of the user's browser. The issue can be exploited remotely, but requires authentication and user interaction.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the victim's browser.

Reproduction

To reproduce this vulnerability, log into the affected TOTOLINK A3002R router and navigate to the VPN page. Once there, input a script into the 'Comment' field. After submitting the comment, the injected script will be executed, demonstrating the cross-site scripting vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

1.0

exploitability

6.0

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

1.0

exploitability

6.0

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

TOTOLINK A3002R Cross-Site Scripting Vulnerability in VPN Page Component

Vulnerability

Impact

Reproduction

Affected Products

TOTOLINK A3002R

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating