ID

VAR-202401-2645


CVE

CVE-2024-22663


TITLE

TOTOLINK A3700R Command Injection Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-15330

DESCRIPTION

TOTOLINK_A3700R_V9.1.2u.6165_20211012 has a command injection vulnerability via setOpModeCfg. TOTOLINK A3700R is a wireless router from China's TOTOLINK Electronics. The vulnerability is caused by the setOpModeCfg method failing to properly filter special characters and commands when constructing commands. Attackers can exploit this vulnerability to execute arbitrary commands.

Trust: 1.44

sources: NVD: CVE-2024-22663 // CNVD: CNVD-2025-15330

IOT TAXONOMY

category: ['Network device'] sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-15330

AFFECTED PRODUCTS

vendor: totolink model: a3700r scope: eq version: 9.1.2u.6165_20211012

Trust: 1.0

vendor: totolink model: a3700r v9.1.2u.6165 20211012 scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2025-15330 // NVD: CVE-2024-22663

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2024-22663
value: CRITICAL

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-22663
value: CRITICAL

Trust: 1.0

CNVD: CNVD-2025-15330
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-15330
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2024-22663
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 2.0

sources: CNVD: CNVD-2025-15330 // NVD: CVE-2024-22663 // NVD: CVE-2024-22663

PROBLEMTYPE DATA

problemtype: CWE-77

Trust: 1.0

sources: NVD: CVE-2024-22663

EXTERNAL IDS

db: NVD id: CVE-2024-22663

Trust: 1.6

db: CNVD id: CNVD-2025-15330

Trust: 0.6

sources: CNVD: CNVD-2025-15330 // NVD: CVE-2024-22663

REFERENCES

url: https://github.com/covteam/iot_vuln/tree/main/setopmodecfg2

Trust: 1.6

sources: CNVD: CNVD-2025-15330 // NVD: CVE-2024-22663

SOURCES

db: CNVD id: CNVD-2025-15330
db: NVD id: CVE-2024-22663

LAST UPDATE DATE

2025-07-10T23:03:36.984000+00:00


SOURCES UPDATE DATE

db: CNVD id: CNVD-2025-15330 date: 2025-07-09T00:00:00
db: NVD id: CVE-2024-22663 date: 2025-05-30T15:15:33.023

SOURCES RELEASE DATE

db: CNVD id: CNVD-2025-15330 date: 2025-07-09T00:00:00
db: NVD id: CVE-2024-22663 date: 2024-01-23T15:15:11.950