VDB-308079 · CVE-2025-4460 · GCVE-100-308079

TOTOLINK N150RT 3.4.0-B20190525 URL Filtering Page Cross Site Scripting

Wuro vulnerability wey an yi classify sey karshewa an gano shi a cikin TOTOLINK N150RT 3.4.0-B20190525. Gaskiya, $software_function na da matsala; idan ba a sani ba, to wata aiki ce da ba a sani ba, $software_library na cikin lissafi, $software_file na cikin fayil, URL Filtering Page na cikin sashi. Ngam manipulation shi Cross Site Scripting. CWE shidin ka a yi bayani matsala sai ya kai CWE-79. Gaskiya, laifi an fitar da shi 05/08/2025. Advisory ɗin ana rabawa don saukewa a github.com. Wannan rauni ana sayar da shi da suna CVE-2025-4460. Ngam yiɗi ka a tuma ndiyam ka nder waya. Tekinikal bayani ba ga. Kuma, exploit ɗin yana akwai. Wuro exploit ɗin an bayyana shi ga jama'a kuma za a iya amfani da shi. A sa'i, exploit might be approx. USD $0-$5k ndiyam. Á wúro huɗɗi-na-gaskiya. Wona yiwuwa a zazzage exploit a github.com. Kama 0-day, an ndiyam a wuro be $0-$5k. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

3 Goyarwa · 96 Datenpunkte

Furɗe	Súgá 05/08/2025 21:12	Gargadi 1/2 05/09/2025 14:00	Gargadi 2/2 05/23/2025 15:59
software_vendor	TOTOLINK	TOTOLINK	TOTOLINK
software_name	N150RT	N150RT	N150RT
software_version	3.4.0-B20190525	3.4.0-B20190525	3.4.0-B20190525
software_component	URL Filtering Page	URL Filtering Page	URL Filtering Page
vulnerability_cwe	CWE-79 (Cross Site Scripting)	CWE-79 (Cross Site Scripting)	CWE-79 (Cross Site Scripting)
vulnerability_risk	1	1	1
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	H	H	H
cvss3_vuldb_ui	R	R	R
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	N	N	N
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	N	N	N
cvss3_vuldb_e	P	P	P
cvss3_vuldb_rc	R	R	R
advisory_url	https://github.com/fizz-is-on-the-way/Iot_vuls/tree/main/N150RT/XSS_Url_filering	https://github.com/fizz-is-on-the-way/Iot_vuls/tree/main/N150RT/XSS_Url_filering	https://github.com/fizz-is-on-the-way/Iot_vuls/tree/main/N150RT/XSS_Url_filering
exploit_availability	1	1	1
exploit_publicity	1	1	1
exploit_url	https://github.com/fizz-is-on-the-way/Iot_vuls/tree/main/N150RT/XSS_Url_filering	https://github.com/fizz-is-on-the-way/Iot_vuls/tree/main/N150RT/XSS_Url_filering	https://github.com/fizz-is-on-the-way/Iot_vuls/tree/main/N150RT/XSS_Url_filering
source_cve	CVE-2025-4460	CVE-2025-4460	CVE-2025-4460
cna_responsible	VulDB	VulDB	VulDB
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_au	M	M	M
cvss2_vuldb_ci	N	N	N
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	N	N	N
cvss2_vuldb_e	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR
cvss4_vuldb_av	N	N	N
cvss4_vuldb_ac	L	L	L
cvss4_vuldb_pr	H	H	H
cvss4_vuldb_ui	P	P	P
cvss4_vuldb_vc	N	N	N
cvss4_vuldb_vi	L	L	L
cvss4_vuldb_va	N	N	N
cvss4_vuldb_e	P	P	P
cvss2_vuldb_rl	ND	ND	ND
cvss3_vuldb_rl	X	X	X
cvss4_vuldb_at	N	N	N
cvss4_vuldb_sc	N	N	N
cvss4_vuldb_si	N	N	N
cvss4_vuldb_sa	N	N	N
cvss2_vuldb_basescore	3.3	3.3	3.3
cvss2_vuldb_tempscore	2.8	2.8	2.8
cvss3_vuldb_basescore	2.4	2.4	2.4
cvss3_vuldb_tempscore	2.2	2.2	2.2
cvss3_meta_basescore	2.4	2.4	3.2
cvss3_meta_tempscore	2.2	2.3	3.1
cvss4_vuldb_bscore	4.8	4.8	4.8
cvss4_vuldb_btscore	1.9	1.9	1.9
advisory_date	1746655200 (05/08/2025)	1746655200 (05/08/2025)	1746655200 (05/08/2025)
price_0day	$0-$5k	$0-$5k	$0-$5k
cve_nvd_summary		A vulnerability classified as problematic has been found in TOTOLINK N150RT 3.4.0-B20190525. This affects an unknown part of the component URL Filtering Page. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.	A vulnerability classified as problematic has been found in TOTOLINK N150RT 3.4.0-B20190525. This affects an unknown part of the component URL Filtering Page. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
cvss4_cna_av		N	N
cvss4_cna_ac		L	L
cvss4_cna_at		N	N
cvss4_cna_pr		H	H
cvss4_cna_ui		P	P
cvss4_cna_vc		N	N
cvss4_cna_vi		L	L
cvss4_cna_va		N	N
cvss4_cna_sc		N	N
cvss4_cna_si		N	N
cvss4_cna_sa		N	N
cvss4_cna_bscore		4.8	4.8
cvss3_cna_av		N	N
cvss3_cna_ac		L	L
cvss3_cna_pr		H	H
cvss3_cna_ui		R	R
cvss3_cna_s		U	U
cvss3_cna_c		N	N
cvss3_cna_i		L	L
cvss3_cna_a		N	N
cvss3_cna_basescore		2.4	2.4
cvss2_cna_av		N	N
cvss2_cna_ac		L	L
cvss2_cna_au		M	M
cvss2_cna_ci		N	N
cvss2_cna_ii		P	P
cvss2_cna_ai		N	N
cvss2_cna_basescore		3.3	3.3
cve_nvd_summaryes			Se ha detectado una vulnerabilidad clasificada como problemática en TOTOLINK N150RT 3.4.0-B20190525. Esta afecta a una parte desconocida del componente URL Filtering Page. La manipulación provoca ataques de cross site scripting. Es posible iniciar el ataque de forma remota. Se ha hecho público el exploit y puede que sea utilizado.
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			H
cvss3_nvd_ui			R
cvss3_nvd_s			C
cvss3_nvd_c			L
cvss3_nvd_i			L
cvss3_nvd_a			N
cvss3_nvd_basescore			4.8

◂ Gurɗo Gumti Gada ▸

Interested in the pricing of exploits?

See the underground prices here!