CVE-2025-4271

Published: May 5, 2025Modified: May 7, 2025

6.9

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: CNA (Secondary)

Description

A vulnerability was found in TOTOLINK A720R 4.1.5cu.374. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument topicurl with the input showSyslog leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Affected (1)

Products: Totolink: A720r Firmware

1 product

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Totolink A720r Firmware	Version 4.1.5cu.374

Running on/with	Platform Versions
Totolink A720r	All versions

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (5)

https://github.com/at0de/my_vulns/blob/main/TOTOLINK/A720R/showSyslog.md

Source: cna@vuldb.com

Exploit

https://vuldb.com/?ctiid.307375

Source: cna@vuldb.com

Permissions RequiredVDB Entry

https://vuldb.com/?id.307375

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.563444

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://www.totolink.net/

Source: cna@vuldb.com

Product

Timeline

No history available yet.