CVE-2025-2688

Published: Mar 24, 2025Modified: Jul 2, 2025

5.3

Vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: CNA (Secondary)

Description

A vulnerability classified as problematic was found in TOTOLINK A3000RU up to 5.9c.5185. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/ExportSyslog.sh of the component Syslog Configuration File Handler. The manipulation leads to improper access controls. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used.

Affected (1)

Products: Totolink: A3000ru Firmware

1 product

A3000ru Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Totolink A3000ru Firmware	Up to 5.9c.5185

Running on/with	Platform Versions
Totolink A3000ru	All versions

Related CWEs

Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (5)

https://lavender-bicycle-a5a.notion.site/TOTOLINK-A3000RU-ExportSyslog-1b953a41781f8064970dc7809a52ac6c?pvs=4

Source: cna@vuldb.com

ExploitThird Party Advisory

https://vuldb.com/?ctiid.300709

Source: cna@vuldb.com

Permissions RequiredVDB Entry

https://vuldb.com/?id.300709

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.521570

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://www.totolink.net/

Source: cna@vuldb.com

Product

Timeline

No history available yet.