ID

VAR-202505-0032


CVE

CVE-2025-4268


TITLE

Authentication vulnerability in TOTOLINK A720R firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-004504

DESCRIPTION

A vulnerability has been found in TOTOLINK A720R 4.1.5cu.374 and classified as critical. This vulnerability affects unknown code of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument topicurl with the input RebootSystem leads to missing authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. TOTOLINK A720R firmware contains vulnerabilities related to authentication and lack of authentication for critical functions. The device may be put into a denial-of-service (DoS) state. TOTOLINK A720R is a wireless router from China's TOTOLINK Electronics. TOTOLINK A720R has an improper authentication vulnerability, which is caused by improper processing of the parameter topicurl in the file /cgi-bin/cstecgi.cgi. No further vulnerability details are provided at present.

Trust: 2.16

sources: NVD: CVE-2025-4268 // JVNDB: JVNDB-2025-004504 // CNVD: CNVD-2025-11999

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-11999

AFFECTED PRODUCTS

vendor: totolink, model: a720r, scope: eq, version: 4.1.5cu.374

Trust: 1.0

vendor: totolink, model: a720r, scope: eq, version: a720r firmware 4.1.5cu.374

Trust: 0.8

vendor: totolink, model: a720r, scope: eq, version: -

Trust: 0.8

vendor: totolink, model: a720r, scope: -, version: -

Trust: 0.8

vendor: totolink, model: a720r 4.1.5cu.374, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2025-11999 // JVNDB: JVNDB-2025-004504 // NVD: CVE-2025-4268

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-4268
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2025-004504
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2025-11999
value: MEDIUM

Trust: 0.6

cna@vuldb.com: CVE-2025-4268
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-004504
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2025-11999
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2025-4268
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

OTHER: JVNDB-2025-004504
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-11999 // JVNDB: JVNDB-2025-004504 // NVD: CVE-2025-4268

PROBLEMTYPE DATA

problemtype: CWE-306

Trust: 1.0

problemtype: CWE-287

Trust: 1.0

problemtype: Inappropriate authentication (CWE-287) [others]

Trust: 0.8

problemtype: Lack of authentication for critical features (CWE-306) [others]

Trust: 0.8

problemtype: Lack of authentication for critical features (CWE-306) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2025-004504 // NVD: CVE-2025-4268

PATCH

title: Patch for TOTOLINK A720R Improper Authentication Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/695691

Trust: 0.6

sources: CNVD: CNVD-2025-11999

EXTERNAL IDS

db: NVD, id: CVE-2025-4268

Trust: 3.2

db: VULDB, id: 307372

Trust: 1.8

db: JVNDB, id: JVNDB-2025-004504

Trust: 0.8

db: CNVD, id: CNVD-2025-11999

Trust: 0.6

sources: CNVD: CNVD-2025-11999 // JVNDB: JVNDB-2025-004504 // NVD: CVE-2025-4268

REFERENCES

url: https://github.com/at0de/my_vulns/blob/main/totolink/a720r/rebootsystem.md

Trust: 1.8

url: https://vuldb.com/?id.307372

Trust: 1.8

url: https://vuldb.com/?submit.563429

Trust: 1.8

url: https://www.totolink.net/

Trust: 1.8

url: https://vuldb.com/?ctiid.307372

Trust: 1.0

url: https://nvd.nist.gov/vuln/detail/cve-2025-4268

Trust: 0.8

url: https://access.redhat.com/security/cve/cve-2025-4268

Trust: 0.6

sources: CNVD: CNVD-2025-11999 // JVNDB: JVNDB-2025-004504 // NVD: CVE-2025-4268

SOURCES

db: CNVD, id: CNVD-2025-11999
db: JVNDB, id: JVNDB-2025-004504
db: NVD, id: CVE-2025-4268

LAST UPDATE DATE

2025-06-12T02:07:06.670000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-11999, date: 2025-06-10T00:00:00
db: JVNDB, id: JVNDB-2025-004504, date: 2025-05-08T08:05:00
db: NVD, id: CVE-2025-4268, date: 2025-05-07T16:38:18.700

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-11999, date: 2025-06-10T00:00:00
db: JVNDB, id: JVNDB-2025-004504, date: 2025-05-08T00:00:00
db: NVD, id: CVE-2025-4268, date: 2025-05-05T07:15:47.073