Critical Vulnerability Information

Product: TOTOLINK A3002RU 2.1.1-B20230720.1011
Vulnerability Type: NAT Mapping Page Comment Cross Site Scripting (XSS)
CVE ID: CVE-2025-5506
EUVD ID: EUVD-2025-16738
CWE Classification: CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

Vulnerability Description

Affected Component: Unknown functionality within NAT Mapping Page
Issue: Manipulating the parameter and injecting arbitrary content leads to Cross-Site Scripting (XSS).
Cause: The product fails to properly neutralize or inadequately neutralizes user-controlled input when inserting it into output.

Impact

Integrity Impact: Attackers can exploit this vulnerability to compromise the integrity of web pages, affecting other users.

Exploitability

Complexity: Simple
Remote Exploitable: Yes
Authentication Required: Requires successful elevated-level authentication
User Interaction: Requires victim interaction

Public Information

Advisory Download: GitHub.com
Known Technical Details and Public Exploits: Yes
MITRE ATT&CK Technique: T1059.007

Vendor Response

Vendor Contact: Contacted in advance, no response received

Recommended Actions

Alternative Product: Recommend replacing the affected product with an alternative

Related Database Entries

VDB: VDB-278201, VDB-279498, VDB-297949, VDB-306330