Severity: 6.9 MEDIUM
EPSS: 0.4% (top 39.41%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published May 5

Description

A vulnerability was found in TOTOLINK A720R 4.1.5cu.374. It has been classified as problematic. Affected is an unknown function of the file /cgi-bin/cstecgi.cgi of the component Config Handler. The manipulation of the argument topicurl with the input getInitCfg/getSysStatusCfg leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Packages (2 packages)

CVEListV5: totolink/a720r 4.1.5cu.374
NVD: totolink/a720r_firmware 4.1.5cu.374

Vulnerability Details (3)

GHSA: GHSA-4jh5-95f7-hf6w: A vulnerability was found in TOTOLINK A720R 4 (2025-05-05)
CVEList: TOTOLINK A720R Config cstecgi.cgi information disclosure (2025-05-05)
VulnCheck: totolink a720r_firmware Exposure of Sensitive Information to an Unauthorized Actor (2025)
CVE-2025-4270 (MEDIUM CVSS 6.9) | A vulnerability was found in TOTOLI | cvebase.io