TOTOLINK A720R Log Handler Access Control Vulnerability Allowing Unauthorized Log Deletion

A critical vulnerability in the TOTOLINK A720R router, specifically in the firmware version 4.1.5cu.374, has been identified. This issue arises from improper access controls in the Log Handler component, particularly within the file '/cgi-bin/cstecgi.cgi'. The vulnerability allows for unauthorized deletion of diagnostic and system logs by sending a crafted POST request with specific parameters, such as 'clearDiagnosisLog' or 'clearSyslog'. This exploitation can be performed remotely, without the need for authentication.

Impact

Exploitation of this vulnerability allows for unauthorized deletion of diagnostic and system logs, potentially leading to a loss of important system information and activity records.

Reproduction

To reproduce this vulnerability, send a POST request to '/cgi-bin/cstecgi.cgi' with the 'topicurl' parameter set to either 'clearDiagnosisLog' or 'clearSyslog'. This can be done using a tool that allows for the crafting of HTTP requests, such as Postman or a similar application. Include the necessary headers to mimic a request from a web browser, such as 'User-Agent' and 'Referer'. Once the request is sent, the corresponding logs will be cleared without any authentication.