CVE-2025-4268: TOTOLINK A720R cstecgi.cgi missing authentication
First published: Mon May 05 2025(Updated: )
A vulnerability has been found in TOTOLINK A720R 4.1.5cu.374 and classified as critical. This vulnerability affects unknown code of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument topicurl with the input RebootSystem leads to missing authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| TOTOLINK A720R firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-4268?
CVE-2025-4268 has been classified as a critical vulnerability.
How do I fix CVE-2025-4268?
To fix CVE-2025-4268, it is recommended to update the firmware of the TOTOLINK A720R to the latest version provided by the vendor.
What component of the TOTOLINK A720R is affected by CVE-2025-4268?
CVE-2025-4268 affects the /cgi-bin/cstecgi.cgi component of the TOTOLINK A720R.
What type of attack can occur due to CVE-2025-4268?
CVE-2025-4268 can lead to a missing authentication vulnerability that allows unauthorized access.
What specific input triggers the vulnerability in CVE-2025-4268?
The input 'RebootSystem' for the argument 'topicurl' is what triggers the vulnerability in CVE-2025-4268.
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/description
- agent/references
- agent/type
- agent/first-publish-date
- agent/weakness
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/severity
- agent/source
- agent/author
- agent/last-modified-date
- agent/tags
- agent/event
- vendor/totolink
- canonical/totolink a720r firmware