PT-2025-12563 · Totolink · Totolink A3000Ru
Wxhwxhwxh_Mie · Published 2025-03-17 · Updated 2025-07-02 · CVE-2025-2688
CVSS v4.0: 5.3 (Medium)
Vector: AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
TOTOLINK A3000RU versions up to 5.9c.5185
Description
A problematic issue was found in the Syslog Configuration File Handler component, specifically in the file /cgi-bin/ExportSyslog.sh. This issue leads to improper access controls. The attack must be carried out within the local network.
Recommendations
For TOTOLINK A3000RU versions up to 5.9c.5185, consider restricting access to the /cgi-bin/ExportSyslog.sh file until a patch is available.
As a temporary workaround, limit access to the affected functionality of the Syslog Configuration File Handler component to minimize the risk of exploitation.
Exploit
Fix
Improper Access Control
Incorrect Privilege Assignment
Related Identifiers
Affected Products
Totolink A3000Ru