PT-2025-16553 · Totolink · Totolink A3700R
Yhryhryhr
·
Publicado
2025-04-15
·
Atualizado
2025-04-22
·
CVE-2025-3664
CVSS v4.0
6.9
Média
| Vetor | AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
TOTOLINK A3700R version 9.1.2u.5822 B20200513
Description
A critical vulnerability was found in the TOTOLINK A3700R, affecting the function
setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls, allowing for remote attacks. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond.Recommendations
As a temporary workaround, consider disabling the
setWiFiEasyGuestCfg function until a patch is available. Restrict access to the /cgi-bin/cstecgi.cgi file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
RCE
Incorrect Privilege Assignment
Improper Access Control
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Totolink A3700R