CVE-2025-4271

A vulnerability was found in TOTOLINK A720R 4.1.5cu.374. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument topicurl with the input showSyslog leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Published: May 5, 2025
Updated: May 8, 2025
CVE: CVE-2025-4271
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWEs:

CWE-200
CWE-284

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
totolink / a720r_firmware	4.1.5cu.374	4.1.5cu.374.x

https://github.com/at0de/my_vulns/blob/main/TOTOLINK/A720R/showSyslog.md
https://vuldb.com/?ctiid.307375
https://vuldb.com/?id.307375
https://vuldb.com/?submit.563444
https://www.totolink.net/

Vulnerability Database

CVE-2025-4271

Deep Security Visibility Without the Complexity