Details of VAR-202504-1003

ID

VAR-202504-1003

CVE

CVE-2025-3666

TITLE

TOTOLINK of a3700r Firmware vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2025-004769

DESCRIPTION

A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513 and classified as critical. Affected by this issue is the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK of a3700r There are unspecified vulnerabilities in the firmware.Information may be tampered with. TOTOLINK A3700R is a wireless router that provides network connection functions for home and small offices. No detailed vulnerability details are currently provided

Trust: 2.16

sources: NVD: CVE-2025-3666 // JVNDB: JVNDB-2025-004769 // CNVD: CNVD-2025-12019

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-12019

AFFECTED PRODUCTS

vendor:	totolink	model:	a3700r	scope:	eq	version:	9.1.2u.5822_b20200513	Trust: 1.0
vendor:	totolink	model:	a3700r	scope:	eq	version:	a3700r firmware 9.1.2u.5822 b20200513	Trust: 0.8
vendor:	totolink	model:	a3700r	scope:	-	version:	-	Trust: 0.8
vendor:	totolink	model:	a3700r	scope:	eq	version:	-	Trust: 0.8
vendor:	totolink	model:	a3700r 9.1.2u.5822 b20200513	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2025-12019 // JVNDB: JVNDB-2025-004769 // NVD: CVE-2025-3666

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2025-3666
value:	MEDIUM
Trust: 1.0
OTHER:	JVNDB-2025-004769
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2025-12019
value:	MEDIUM
Trust: 0.6

cna@vuldb.com:	CVE-2025-3666
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
OTHER:	JVNDB-2025-004769
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2025-12019
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2025-3666
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2025-004769
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-12019 // JVNDB: JVNDB-2025-004769 // NVD: CVE-2025-3666

PROBLEMTYPE DATA

problemtype:	CWE-284	Trust: 1.0
problemtype:	CWE-266	Trust: 1.0
problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Improper permission settings (CWE-266) [ others ]	Trust: 0.8
problemtype:	Inappropriate access control (CWE-284) [ others ]	Trust: 0.8
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-004769 // NVD: CVE-2025-3666

EXTERNAL IDS

db:	NVD	id:	CVE-2025-3666	Trust: 3.2
db:	VULDB	id:	304844	Trust: 2.4
db:	JVNDB	id:	JVNDB-2025-004769	Trust: 0.8
db:	CNVD	id:	CNVD-2025-12019	Trust: 0.6

sources: CNVD: CNVD-2025-12019 // JVNDB: JVNDB-2025-004769 // NVD: CVE-2025-3666

REFERENCES

url:	https://vuldb.com/?id.304844	Trust: 2.4
url:	https://lavender-bicycle-a5a.notion.site/totolink-a3700r-setddnscfg-1cb53a41781f8001b9c0f345a120e2e7?pvs=4	Trust: 1.8
url:	https://vuldb.com/?submit.551298	Trust: 1.8
url:	https://www.totolink.net/	Trust: 1.8
url:	https://vuldb.com/?ctiid.304844	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2025-3666	Trust: 0.8

sources: CNVD: CNVD-2025-12019 // JVNDB: JVNDB-2025-004769 // NVD: CVE-2025-3666

SOURCES

db:	CNVD	id:	CNVD-2025-12019
db:	JVNDB	id:	JVNDB-2025-004769
db:	NVD	id:	CVE-2025-3666

LAST UPDATE DATE

2025-06-12T02:13:23.037000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-12019	date:	2025-06-10T00:00:00
db:	JVNDB	id:	JVNDB-2025-004769	date:	2025-05-13T07:03:00
db:	NVD	id:	CVE-2025-3666	date:	2025-05-12T19:49:52.043

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-12019	date:	2025-06-10T00:00:00
db:	JVNDB	id:	JVNDB-2025-004769	date:	2025-05-13T00:00:00
db:	NVD	id:	CVE-2025-3666	date:	2025-04-16T04:15:23.040