Sign-up

ID

VAR-202504-1015


CVE

CVE-2025-3675


TITLE

TOTOLINK  of  a3700r  Firmware vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2025-004707

DESCRIPTION

A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. It has been rated as critical. Affected by this issue is the function setL2tpServerCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of a3700r There are unspecified vulnerabilities in the firmware.Information may be tampered with. TOTOLINK A3700R is a wireless router that provides wireless network connection function. No detailed vulnerability details are provided at present

Trust: 2.16

sources: NVD: CVE-2025-3675 // JVNDB: JVNDB-2025-004707 // CNVD: CNVD-2025-12018

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-12018

AFFECTED PRODUCTS

vendor:totolinkmodel:a3700rscope:eqversion:9.1.2u.5822_b20200513

Trust: 1.0

vendor:totolinkmodel:a3700rscope:eqversion:a3700r firmware 9.1.2u.5822 b20200513

Trust: 0.8

vendor:totolinkmodel:a3700rscope: - version: -

Trust: 0.8

vendor:totolinkmodel:a3700rscope:eqversion: -

Trust: 0.8

vendor:totolinkmodel:a3700r 9.1.2u.5822 b20200513scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2025-12018 // JVNDB: JVNDB-2025-004707 // NVD: CVE-2025-3675

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-3675
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2025-3675
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2025-004707
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2025-12018
value: MEDIUM

Trust: 0.6

cna@vuldb.com: CVE-2025-3675
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-004707
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2025-12018
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2025-3675
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 2.0

NVD: JVNDB-2025-004707
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-12018 // JVNDB: JVNDB-2025-004707 // NVD: CVE-2025-3675 // NVD: CVE-2025-3675

PROBLEMTYPE DATA

problemtype:CWE-284

Trust: 1.0

problemtype:CWE-266

Trust: 1.0

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Improper permission settings (CWE-266) [ others ]

Trust: 0.8

problemtype: Inappropriate access control (CWE-284) [ others ]

Trust: 0.8

problemtype: Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-004707 // NVD: CVE-2025-3675

EXTERNAL IDS

db:NVDid:CVE-2025-3675

Trust: 3.2

db:VULDBid:304964

Trust: 2.4

db:JVNDBid:JVNDB-2025-004707

Trust: 0.8

db:CNVDid:CNVD-2025-12018

Trust: 0.6

sources: CNVD: CNVD-2025-12018 // JVNDB: JVNDB-2025-004707 // NVD: CVE-2025-3675

REFERENCES

url:https://vuldb.com/?id.304964

Trust: 2.4

url:https://lavender-bicycle-a5a.notion.site/totolink-a3700r-setl2tpservercfg-1cb53a41781f80319d38dc5a8e9174ae?pvs=4

Trust: 1.8

url:https://vuldb.com/?submit.551304

Trust: 1.8

url:https://www.totolink.net/

Trust: 1.8

url:https://vuldb.com/?ctiid.304964

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-3675

Trust: 0.8

sources: CNVD: CNVD-2025-12018 // JVNDB: JVNDB-2025-004707 // NVD: CVE-2025-3675

SOURCES

db:CNVDid:CNVD-2025-12018
db:JVNDBid:JVNDB-2025-004707
db:NVDid:CVE-2025-3675

LAST UPDATE DATE

2025-06-12T02:15:14.416000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-12018date:2025-06-10T00:00:00
db:JVNDBid:JVNDB-2025-004707date:2025-05-13T02:15:00
db:NVDid:CVE-2025-3675date:2025-05-12T19:49:26.683

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-12018date:2025-06-10T00:00:00
db:JVNDBid:JVNDB-2025-004707date:2025-05-13T00:00:00
db:NVDid:CVE-2025-3675date:2025-04-16T07:15:43.947