| Título | TOTOLINK A720R V4.1.5cu.374 Exposure of Sensitive System Information to an Unauthorized Cont |
|---|
| Descripción | The TOTOLINK A720R V4.1.5cu.374 firmware contains an unauthenticated sensitive information disclosure vulnerability. An attacker can exploit this flaw by sending a crafted POST request with the parameter {"topicurl":"getSysStatusCfg"} to /cgi-bin/cstecgi.cgi, allowing unauthorized access to sensitive system information such as firmware version, MAC addresses, Wi-Fi credentials, LAN/WAN IP configurations, and other critical device details. This could lead to unauthorized network access or further exploitation. |
|---|
| Fuente | ⚠️ https://github.com/at0de/my_vulns/blob/main/TOTOLINK/A720R/getSysStatusCfg.md |
|---|
| Usuario | 153528990 (UID 64409) |
|---|
| Sumisión | 2025-04-22 04:05 (hace 12 meses) |
|---|
| Moderación | 2025-05-04 20:25 (13 days later) |
|---|
| Estado | Duplicado |
|---|
| Entrada de VulDB | 307374 [TOTOLINK A720R 4.1.5cu.374 Config /cgi-bin/cstecgi.cgi topicurl divulgación de información] |
|---|
| Puntos | 0 |
|---|