CVE-2025-4268

Published: May 5, 2025Modified: May 7, 2025

6.9

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: CNA (Secondary)

Description

A vulnerability has been found in TOTOLINK A720R 4.1.5cu.374 and classified as critical. This vulnerability affects unknown code of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument topicurl with the input RebootSystem leads to missing authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Affected (1)

Products: Totolink: A720r Firmware

1 product

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Totolink A720r Firmware	Version 4.1.5cu.374

Running on/with	Platform Versions
Totolink A720r	All versions

Related CWEs

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (5)

https://github.com/at0de/my_vulns/blob/main/TOTOLINK/A720R/RebootSystem.md

Source: cna@vuldb.com

Exploit

https://vuldb.com/?ctiid.307372

Source: cna@vuldb.com

Permissions RequiredVDB Entry

https://vuldb.com/?id.307372

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.563429

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://www.totolink.net/

Source: cna@vuldb.com

Product

Timeline

No history available yet.