ID

VAR-202504-0956


CVE

CVE-2025-3664


TITLE

TOTOLINK a3700r firmware vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2025-003852

DESCRIPTION

A vulnerability, which was classified as critical, was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. Affected is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. There are unspecified vulnerabilities in the TOTOLINK a3700r firmware. Information may be tampered with. TOTOLINK A3700R is a wireless router that provides wireless network connectivity. TOTOLINK A3700R has an access control error vulnerability, which is caused by the setWiFiEasyGuestCfg function of the /cgi-bin/cstecgi.cgi file failing to properly handle specific requests. No detailed vulnerability details are currently provided.

Trust: 2.16

sources: NVD: CVE-2025-3664 // JVNDB: JVNDB-2025-003852 // CNVD: CNVD-2025-12017

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-12017

AFFECTED PRODUCTS

vendor: totolink, model: a3700r, scope: eq, version: 9.1.2u.5822_b20200513

Trust: 1.0

vendor: totolink, model: a3700r, scope: eq, version: -

Trust: 0.8

vendor: totolink, model: a3700r, scope: eq, version: a3700r firmware 9.1.2u.5822 b20200513

Trust: 0.8

vendor: totolink, model: a3700r, scope: -, version: -

Trust: 0.8

vendor: totolink, model: a3700r 9.1.2u.5822 b20200513, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2025-12017 // JVNDB: JVNDB-2025-003852 // NVD: CVE-2025-3664

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-3664
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2025-003852
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2025-12017
value: MEDIUM

Trust: 0.6

cna@vuldb.com: CVE-2025-3664
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-003852
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2025-12017
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2025-3664
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

OTHER: JVNDB-2025-003852
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-12017 // JVNDB: JVNDB-2025-003852 // NVD: CVE-2025-3664

PROBLEMTYPE DATA

problemtype:CWE-266

Trust: 1.0

problemtype:CWE-284

Trust: 1.0

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:Improper permission settings (CWE-266) [ others ]

Trust: 0.8

problemtype: Inappropriate access control (CWE-284) [ others ]

Trust: 0.8

problemtype: others (CWE-Other) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-003852 // NVD: CVE-2025-3664

EXTERNAL IDS

db: NVD, id: CVE-2025-3664

Trust: 3.2

db: VULDB, id: 304842

Trust: 2.4

db: JVNDB, id: JVNDB-2025-003852

Trust: 0.8

db: CNVD, id: CNVD-2025-12017

Trust: 0.6

sources: CNVD: CNVD-2025-12017 // JVNDB: JVNDB-2025-003852 // NVD: CVE-2025-3664

REFERENCES

url:https://vuldb.com/?id.304842

Trust: 2.4

url:https://lavender-bicycle-a5a.notion.site/totolink-a3700r-setwifieasyguestcfg-1cb53a41781f805f9ee3f1b2d362d3f2?pvs=4

Trust: 1.8

url:https://vuldb.com/?submit.551296

Trust: 1.8

url:https://www.totolink.net/

Trust: 1.8

url:https://lavender-bicycle-a5a.notion.site/totolink-a3700r-setwifieasyguestcfg-1cb53a41781f805f9ee3f1b2d362d3f2

Trust: 1.8

url:https://vuldb.com/?ctiid.304842

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-3664

Trust: 0.8

sources: CNVD: CNVD-2025-12017 // JVNDB: JVNDB-2025-003852 // NVD: CVE-2025-3664

SOURCES

db: CNVD, id: CNVD-2025-12017
db: JVNDB, id: JVNDB-2025-003852
db: NVD, id: CVE-2025-3664

LAST UPDATE DATE

2025-06-12T02:22:43.095000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-12017, date: 2025-06-10T00:00:00
db: JVNDB, id: JVNDB-2025-003852, date: 2025-04-23T01:49:00
db: NVD, id: CVE-2025-3664, date: 2025-04-22T16:53:30.190

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-12017, date: 2025-06-10T00:00:00
db: JVNDB, id: JVNDB-2025-003852, date: 2025-04-23T00:00:00
db: NVD, id: CVE-2025-3664, date: 2025-04-16T03:15:17.883