Description
A cross site scripting (XSS) vulnerability in the error page of Totolink N200RE and N100RE Routers 2.0 allows attackers to execute arbitrary web scripts or HTML via SCRIPT element.
References (2)
Core 2
Core References
Product x_refsource_misc
http://totolink.net/
Third Party Advisory x_refsource_misc
https://gist.github.com/fuzzKitty/8ca2587213874e94e5c0aedf346c18b1
Scores
CVSS v3
6.1
EPSS
0.0021
EPSS Percentile
42.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (2)
totolink/n100re_firmware
2.0
totolink/n200re_firmware
2.0
Published
May 02, 2022
Tracked Since
Feb 18, 2026