CVE-2025-2688: TOTOLINK A3000RU Syslog Configuration File ExportSyslog.sh access control
First published: Mon Mar 24 2025(Updated: )
A vulnerability classified as problematic was found in TOTOLINK A3000RU up to 5.9c.5185. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/ExportSyslog.sh of the component Syslog Configuration File Handler. The manipulation leads to improper access controls. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Totolink A3000RU firmware | <=5.9c.5185 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-2688?
CVE-2025-2688 is classified as problematic due to its improper access control vulnerability.
How do I fix CVE-2025-2688?
To mitigate CVE-2025-2688, update the TOTOLINK A3000RU firmware to the latest version beyond 5.9c.5185.
What components are affected by CVE-2025-2688?
CVE-2025-2688 affects the Syslog Configuration File Handler found in the /cgi-bin/ExportSyslog.sh file.
Is CVE-2025-2688 actively exploited?
There is currently no public knowledge of active exploitation of CVE-2025-2688.
Who is responsible for addressing CVE-2025-2688?
It is the responsibility of the users of the TOTOLINK A3000RU to address and remediate CVE-2025-2688.
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/type
- agent/references
- agent/first-publish-date
- agent/weakness
- agent/description
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/severity
- agent/author
- agent/event
- collector/epss-latest
- source/FIRST
- agent/source
- agent/tags
- agent/epss
- vendor/totolink
- canonical/totolink a3000ru firmware