Sign-up

ID

VAR-202505-0088


CVE

CVE-2025-4269


TITLE

TOTOLINK  of  A720R  Firmware vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2025-004487

DESCRIPTION

A vulnerability was found in TOTOLINK A720R 4.1.5cu.374 and classified as critical. This issue affects some unknown processing of the file /cgi-bin/cstecgi.cgi of the component Log Handler. The manipulation of the argument topicurl with the input clearDiagnosisLog/clearSyslog/clearTracerouteLog leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of A720R There are unspecified vulnerabilities in the firmware.Information may be tampered with. TOTOLINK A720R is a wireless router from China's TOTOLINK Electronics. No detailed vulnerability details are currently provided

Trust: 2.16

sources: NVD: CVE-2025-4269 // JVNDB: JVNDB-2025-004487 // CNVD: CNVD-2025-12085

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-12085

AFFECTED PRODUCTS

vendor:totolinkmodel:a720rscope:eqversion:4.1.5cu.374

Trust: 1.0

vendor:totolinkmodel:a720rscope:eqversion: -

Trust: 0.8

vendor:totolinkmodel:a720rscope:eqversion:a720r firmware 4.1.5cu.374

Trust: 0.8

vendor:totolinkmodel:a720rscope: - version: -

Trust: 0.8

vendor:totolinkmodel:a720r 4.1.5cu.374scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2025-12085 // JVNDB: JVNDB-2025-004487 // NVD: CVE-2025-4269

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-4269
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2025-4269
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2025-004487
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2025-12085
value: MEDIUM

Trust: 0.6

cna@vuldb.com: CVE-2025-4269
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-004487
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2025-12085
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2025-4269
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 2.5
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-4269
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: JVNDB-2025-004487
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-12085 // JVNDB: JVNDB-2025-004487 // NVD: CVE-2025-4269 // NVD: CVE-2025-4269

PROBLEMTYPE DATA

problemtype:CWE-266

Trust: 1.0

problemtype:CWE-284

Trust: 1.0

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:Improper permission settings (CWE-266) [ others ]

Trust: 0.8

problemtype: Inappropriate access control (CWE-284) [ others ]

Trust: 0.8

problemtype: others (CWE-Other) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-004487 // NVD: CVE-2025-4269

PATCH

title:Patch for TOTOLINK A720R Access Control Error Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/695706

Trust: 0.6

sources: CNVD: CNVD-2025-12085

EXTERNAL IDS

db:NVDid:CVE-2025-4269

Trust: 3.2

db:VULDBid:307373

Trust: 1.8

db:JVNDBid:JVNDB-2025-004487

Trust: 0.8

db:CNVDid:CNVD-2025-12085

Trust: 0.6

sources: CNVD: CNVD-2025-12085 // JVNDB: JVNDB-2025-004487 // NVD: CVE-2025-4269

REFERENCES

url:https://www.totolink.net/

Trust: 2.4

url:https://github.com/at0de/my_vulns/blob/main/totolink/a720r/cleardiagnosislog.md

Trust: 1.8

url:https://github.com/at0de/my_vulns/blob/main/totolink/a720r/clearsyslog.md

Trust: 1.8

url:https://vuldb.com/?id.307373

Trust: 1.8

url:https://vuldb.com/?submit.563430

Trust: 1.8

url:https://vuldb.com/?ctiid.307373

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-4269

Trust: 0.8

sources: CNVD: CNVD-2025-12085 // JVNDB: JVNDB-2025-004487 // NVD: CVE-2025-4269

SOURCES

db:CNVDid:CNVD-2025-12085
db:JVNDBid:JVNDB-2025-004487
db:NVDid:CVE-2025-4269

LAST UPDATE DATE

2025-06-15T23:36:07.703000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-12085date:2025-06-11T00:00:00
db:JVNDBid:JVNDB-2025-004487date:2025-05-08T07:25:00
db:NVDid:CVE-2025-4269date:2025-05-07T16:38:25.260

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-12085date:2025-06-10T00:00:00
db:JVNDBid:JVNDB-2025-004487date:2025-05-08T00:00:00
db:NVDid:CVE-2025-4269date:2025-05-05T07:15:48.233