ID

VAR-202504-1204


CVE

CVE-2025-3674


TITLE

TOTOLINK a3700r firmware vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2025-003893

DESCRIPTION

A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. It has been declared as critical. Affected by this vulnerability is the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. There are unspecified vulnerabilities in the TOTOLINK a3700r firmware. Information may be tampered with. TOTOLINK A3700R is a wireless router that provides wireless network connection and management functions. No detailed vulnerability details are currently provided.

Trust: 2.16

sources: NVD: CVE-2025-3674 // JVNDB: JVNDB-2025-003893 // CNVD: CNVD-2025-12020

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-12020

AFFECTED PRODUCTS

vendor: totolink, model: a3700r, scope: eq, version: 9.1.2u.5822_b20200513

Trust: 1.0

vendor: totolink, model: a3700r, scope: eq, version: -

Trust: 0.8

vendor: totolink, model: a3700r, scope: eq, version: a3700r firmware 9.1.2u.5822 b20200513

Trust: 0.8

vendor: totolink, model: a3700r, scope: -, version: -

Trust: 0.8

vendor: totolink, model: a3700r 9.1.2u.5822 b20200513, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2025-12020 // JVNDB: JVNDB-2025-003893 // NVD: CVE-2025-3674

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-3674
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2025-003893
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2025-12020
value: MEDIUM

Trust: 0.6

cna@vuldb.com: CVE-2025-3674
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-003893
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2025-12020
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2025-3674
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

OTHER: JVNDB-2025-003893
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-12020 // JVNDB: JVNDB-2025-003893 // NVD: CVE-2025-3674

PROBLEMTYPE DATA

problemtype: CWE-266

Trust: 1.0

problemtype: CWE-284

Trust: 1.0

problemtype: NVD-CWE-Other

Trust: 1.0

problemtype: Improper permission settings (CWE-266) [ others ]

Trust: 0.8

problemtype: Inappropriate access control (CWE-284) [ others ]

Trust: 0.8

problemtype: others (CWE-Other) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-003893 // NVD: CVE-2025-3674

EXTERNAL IDS

db: NVD, id: CVE-2025-3674

Trust: 3.2

db: VULDB, id: 304963

Trust: 2.4

db: JVNDB, id: JVNDB-2025-003893

Trust: 0.8

db: CNVD, id: CNVD-2025-12020

Trust: 0.6

sources: CNVD: CNVD-2025-12020 // JVNDB: JVNDB-2025-003893 // NVD: CVE-2025-3674

REFERENCES

url:https://vuldb.com/?id.304963

Trust: 2.4

url:https://lavender-bicycle-a5a.notion.site/totolink-a3700r-seturlfilterrules-1cb53a41781f808f9547da7748580914?pvs=4

Trust: 1.8

url:https://vuldb.com/?submit.551302

Trust: 1.8

url:https://www.totolink.net/

Trust: 1.8

url:https://lavender-bicycle-a5a.notion.site/totolink-a3700r-seturlfilterrules-1cb53a41781f808f9547da7748580914

Trust: 1.8

url:https://vuldb.com/?ctiid.304963

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-3674

Trust: 0.8

sources: CNVD: CNVD-2025-12020 // JVNDB: JVNDB-2025-003893 // NVD: CVE-2025-3674

SOURCES

db: CNVD, id: CNVD-2025-12020
db: JVNDB, id: JVNDB-2025-003893
db: NVD, id: CVE-2025-3674

LAST UPDATE DATE

2025-06-12T02:15:14.388000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-12020, date: 2025-06-10T00:00:00
db: JVNDB, id: JVNDB-2025-003893, date: 2025-04-23T05:01:00
db: NVD, id: CVE-2025-3674, date: 2025-04-22T16:52:45.317

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-12020, date: 2025-06-10T00:00:00
db: JVNDB, id: JVNDB-2025-003893, date: 2025-04-23T00:00:00
db: NVD, id: CVE-2025-3674, date: 2025-04-16T07:15:42.300