CVE-2025-3996

CVSS 3.1 Score 2.4 of 10 (low)

Details

Published Apr 28, 2025

Updated: Apr 29, 2025

CWE ID 94

CWE ID 79

Summary

CVE-2025-3996 is a newly discovered vulnerability affecting the TOTOLINK N150RT 3.4.0-B20190525 firmware. This issue is considered problematic due to the presence of a cross-site scripting (XSS) vulnerability in the MAC Filtering Page's /home.htm file. The vulnerability is triggered by manipulating the Comment argument, which could allow an attacker to inject malicious scripts into a user's browser. The attack can be launched remotely, increasing the threat level. The existence of this exploit has been made public, making it a potential risk for affected users.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

TOTOLINK N150RT

Affected Vendors

TOTOLINK

Advisories, Assessments, and Mitigations

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

DRAT V2: Updated DRAT Emerges in TAG-140’s Arsenal

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

Know What Matters

For Customers

For Partners