TOTOLINK A720R Information Disclosure Vulnerability in Config Handler

A vulnerability exists in the TOTOLINK A720R router running firmware version 4.1.5cu.374. The issue lies within the Config Handler component, specifically in the file '/cgi-bin/cstecgi.cgi'. The vulnerability allows for unauthenticated information disclosure by manipulating the 'topicurl' parameter with values such as 'getInitCfg' or 'getSysStatusCfg'. This exploitation can be performed remotely, exposing sensitive device configuration details.

Impact

Exploitation of this vulnerability leads to unauthorized access to sensitive system information, including firmware version, MAC addresses, Wi-Fi credentials, LAN/WAN IP configurations, and other critical device details. Such exposure could result in unauthorized network access or further exploitation.

Reproduction

To reproduce this vulnerability, send a POST request to '/cgi-bin/cstecgi.cgi' with the 'topicurl' parameter set to either 'getInitCfg' or 'getSysStatusCfg'. This can be done using a tool like curl or Postman, or through a script that automates the HTTP request. Include the necessary headers such as 'X-Requested-With' and 'Content-Type' to mimic a legitimate request. The response will contain the sensitive information disclosed by the vulnerable endpoint.