| Titre | TOTOLINK A720R V4.1.5cu.374 Exposure of Sensitive System Information to an Unauthorized Cont |
|---|
| Description | The TOTOLINK A720R V4.1.5cu.374 firmware contains an unauthenticated system information disclosure vulnerability. An attacker can exploit this flaw by sending a crafted POST request with the parameter {"topicurl":"getInitCfg"} to /cgi-bin/cstecgi.cgi, exposing sensitive device configuration details including firmware version, hardware model, supported network features, operational modes, and system parameters. |
|---|
| La source | ⚠️ https://github.com/at0de/my_vulns/blob/main/TOTOLINK/A720R/getInitCfg.md |
|---|
| Utilisateur | 153528990 (UID 64409) |
|---|
| Soumission | 22/04/2025 04:03 (il y a 1 Année) |
|---|
| Modérer | 04/05/2025 20:25 (13 days later) |
|---|
| Statut | Accepté |
|---|
| Entrée VulDB | 307374 [TOTOLINK A720R 4.1.5cu.374 Config /cgi-bin/cstecgi.cgi topicurl divulgation d'information] |
|---|
| Points | 20 |
|---|