Details of VAR-202504-1197

ID

VAR-202504-1197

CVE

CVE-2025-3665

TITLE

TOTOLINK of a3700r Firmware vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2025-003894

DESCRIPTION

A vulnerability has been found in TOTOLINK A3700R 9.1.2u.5822_B20200513 and classified as critical. Affected by this vulnerability is the function setSmartQosCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK of a3700r There are unspecified vulnerabilities in the firmware.Information may be tampered with. TOTOLINK A3700R is a wireless router that provides wireless network connection and management functions. No detailed vulnerability details are currently provided

Trust: 2.16

sources: NVD: CVE-2025-3665 // JVNDB: JVNDB-2025-003894 // CNVD: CNVD-2025-12025

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-12025

AFFECTED PRODUCTS

vendor:	totolink	model:	a3700r	scope:	eq	version:	9.1.2u.5822_b20200513	Trust: 1.0
vendor:	totolink	model:	a3700r	scope:	eq	version:	-	Trust: 0.8
vendor:	totolink	model:	a3700r	scope:	eq	version:	a3700r firmware 9.1.2u.5822 b20200513	Trust: 0.8
vendor:	totolink	model:	a3700r	scope:	-	version:	-	Trust: 0.8
vendor:	totolink	model:	a3700r 9.1.2u.5822 b20200513	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2025-12025 // JVNDB: JVNDB-2025-003894 // NVD: CVE-2025-3665

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2025-3665
value:	MEDIUM
Trust: 1.0
OTHER:	JVNDB-2025-003894
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2025-12025
value:	MEDIUM
Trust: 0.6

cna@vuldb.com:	CVE-2025-3665
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
OTHER:	JVNDB-2025-003894
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2025-12025
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2025-3665
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2025-003894
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-12025 // JVNDB: JVNDB-2025-003894 // NVD: CVE-2025-3665

PROBLEMTYPE DATA

problemtype:	CWE-266	Trust: 1.0
problemtype:	CWE-284	Trust: 1.0
problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	Improper permission settings (CWE-266) [ others ]	Trust: 0.8
problemtype:	Inappropriate access control (CWE-284) [ others ]	Trust: 0.8
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-003894 // NVD: CVE-2025-3665

EXTERNAL IDS

db:	NVD	id:	CVE-2025-3665	Trust: 3.2
db:	VULDB	id:	304843	Trust: 2.4
db:	JVNDB	id:	JVNDB-2025-003894	Trust: 0.8
db:	CNVD	id:	CNVD-2025-12025	Trust: 0.6

sources: CNVD: CNVD-2025-12025 // JVNDB: JVNDB-2025-003894 // NVD: CVE-2025-3665

REFERENCES

url:	https://vuldb.com/?id.304843	Trust: 2.4
url:	https://lavender-bicycle-a5a.notion.site/totolink-a3700r-setsmartqoscfg-1cb53a41781f80ce9b7aca2c6ff9bea4?pvs=4	Trust: 1.8
url:	https://vuldb.com/?submit.551297	Trust: 1.8
url:	https://www.totolink.net/	Trust: 1.8
url:	https://lavender-bicycle-a5a.notion.site/totolink-a3700r-setsmartqoscfg-1cb53a41781f80ce9b7aca2c6ff9bea4	Trust: 1.8
url:	https://vuldb.com/?ctiid.304843	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2025-3665	Trust: 0.8

sources: CNVD: CNVD-2025-12025 // JVNDB: JVNDB-2025-003894 // NVD: CVE-2025-3665

SOURCES

db:	CNVD	id:	CNVD-2025-12025
db:	JVNDB	id:	JVNDB-2025-003894
db:	NVD	id:	CVE-2025-3665

LAST UPDATE DATE

2025-06-12T02:10:56.562000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-12025	date:	2025-06-10T00:00:00
db:	JVNDB	id:	JVNDB-2025-003894	date:	2025-04-23T05:01:00
db:	NVD	id:	CVE-2025-3665	date:	2025-04-22T16:54:19.520

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-12025	date:	2025-06-10T00:00:00
db:	JVNDB	id:	JVNDB-2025-003894	date:	2025-04-23T00:00:00
db:	NVD	id:	CVE-2025-3665	date:	2025-04-16T03:15:18.057