CVE-2025-3994: TOTOLINK N150RT IP Port Filtering home.htm cross site scripting
First published: Mon Apr 28 2025(Updated: )
A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. It has been classified as problematic. Affected is an unknown function of the file /home.htm of the component IP Port Filtering. The manipulation of the argument Comment leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Totolink N150RT-V2 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-3994?
CVE-2025-3994 has been classified as a problematic vulnerability due to its potential for cross-site scripting.
How do I fix CVE-2025-3994?
To fix CVE-2025-3994, it is recommended to update the TOTOLINK N150RT firmware to the latest version provided by the vendor.
Which component is affected by CVE-2025-3994?
CVE-2025-3994 affects the IP Port Filtering feature in the TOTOLINK N150RT device.
What is the attack vector for CVE-2025-3994?
The attack vector for CVE-2025-3994 involves manipulating the 'Comment' argument in the /home.htm file.
Is CVE-2025-3994 specific to any firmware version?
Yes, CVE-2025-3994 specifically affects TOTOLINK N150RT firmware version 3.4.0-B20190525.
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/type
- agent/title
- agent/description
- agent/first-publish-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/severity
- agent/author
- agent/last-modified-date
- agent/event
- collector/epss-latest
- source/FIRST
- agent/source
- agent/tags
- agent/epss
- vendor/totolink
- canonical/totolink n150rt-v2 firmware