CVE-2025-4268
Last modified
CVE-2025-4268 is a medium-severity vulnerability rated 6.9/10 on the CVSS scale. A vulnerability has been found in TOTOLINK A720R 4.1.5cu.374 and classified as critical. This vulnerability affects unknown code of the file /cgi-bin/cstecgi.cgi. EPSS estimates a 0.92% chance of exploitation in the next 30 days.
Description
A vulnerability has been found in TOTOLINK A720R 4.1.5cu.374 and classified as critical. This vulnerability affects unknown code of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument topicurl with the input RebootSystem leads to missing authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Totolink | A720r Firmware | 4.1.5cu.374 |
References
- https://vuldb.com/?ctiid.307372Permissions Required, VDB Entry
- https://vuldb.com/?id.307372Third Party Advisory, VDB Entry
- https://vuldb.com/?submit.563429Third Party Advisory, VDB Entry
- https://www.totolink.net/Product
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-4268?
How severe is CVE-2025-4268?
How do I fix CVE-2025-4268?
Are you affected by CVE-2025-4268?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST