ID

VAR-202503-2574


CVE

CVE-2025-2688


TITLE

Improper permission settings vulnerability in TOTOLINK A3000RU firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-007863

DESCRIPTION

A vulnerability classified as problematic was found in TOTOLINK A3000RU up to 5.9c.5185. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/ExportSyslog.sh of the component Syslog Configuration File Handler. The manipulation leads to improper access controls. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. The TOTOLINK A3000RU firmware contains vulnerabilities related to improper permission settings and access control. Information may be obtained. TOTOLINK A3000RU is a wireless router from China's TOTOLINK Electronics. No detailed vulnerability details are currently provided.

Trust: 2.16

sources: NVD: CVE-2025-2688 // JVNDB: JVNDB-2025-007863 // CNVD: CNVD-2025-12878

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-12878

AFFECTED PRODUCTS

vendor: totolink, model: a3000ru, scope: lte, version: 5.9c.5185

Trust: 1.0

vendor: totolink, model: a3000ru, scope: eq, version: -

Trust: 0.8

vendor: totolink, model: a3000ru, scope: -, version: -

Trust: 0.8

vendor: totolink, model: a3000ru, scope: lte, version: a3000ru firmware 5.9c.5185 and earlier

Trust: 0.8

vendor: totolink, model: a3000ru <=5.9c.5185, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2025-12878 // JVNDB: JVNDB-2025-007863 // NVD: CVE-2025-2688

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-2688
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2025-007863
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2025-12878
value: LOW

Trust: 0.6

cna@vuldb.com: CVE-2025-2688
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-007863
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2025-12878
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2025-2688
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

OTHER: JVNDB-2025-007863
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-12878 // JVNDB: JVNDB-2025-007863 // NVD: CVE-2025-2688

PROBLEMTYPE DATA

problemtype:CWE-284

Trust: 1.0

problemtype:CWE-266

Trust: 1.0

problemtype:Improper permission settings (CWE-266) [ others ]

Trust: 0.8

problemtype: Inappropriate access control (CWE-284) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-007863 // NVD: CVE-2025-2688

EXTERNAL IDS

db: NVD, id: CVE-2025-2688

Trust: 3.2

db: VULDB, id: 300709

Trust: 1.8

db: JVNDB, id: JVNDB-2025-007863

Trust: 0.8

db: CNVD, id: CNVD-2025-12878

Trust: 0.6

sources: CNVD: CNVD-2025-12878 // JVNDB: JVNDB-2025-007863 // NVD: CVE-2025-2688

REFERENCES

url:https://lavender-bicycle-a5a.notion.site/totolink-a3000ru-exportsyslog-1b953a41781f8064970dc7809a52ac6c?pvs=4

Trust: 2.4

url:https://vuldb.com/?id.300709

Trust: 1.8

url:https://vuldb.com/?submit.521570

Trust: 1.8

url:https://www.totolink.net/

Trust: 1.8

url:https://vuldb.com/?ctiid.300709

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-2688

Trust: 0.8

sources: CNVD: CNVD-2025-12878 // JVNDB: JVNDB-2025-007863 // NVD: CVE-2025-2688

SOURCES

db: CNVD, id: CNVD-2025-12878
db: JVNDB, id: JVNDB-2025-007863
db: NVD, id: CVE-2025-2688

LAST UPDATE DATE

2025-07-04T23:33:22.494000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-12878, date: 2025-06-19T00:00:00
db: JVNDB, id: JVNDB-2025-007863, date: 2025-07-03T06:14:00
db: NVD, id: CVE-2025-2688, date: 2025-07-02T18:03:25.497

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-12878, date: 2025-06-19T00:00:00
db: JVNDB, id: JVNDB-2025-007863, date: 2025-07-03T00:00:00
db: NVD, id: CVE-2025-2688, date: 2025-03-24T07:15:12.760