PT-2025-16557 · Totolink · Totolink A3700R
Yhryhryhr_Miemie
·
Published
2025-04-15
·
Updated
2025-04-16
·
CVE-2025-3668
CVSS v4.0
6.9
Medium
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
TOTOLINK A3700R version 9.1.2u.5822 B20200513
Description
A critical issue affects the
setScheduleCfg function of the /cgi-bin/cstecgi.cgi file, leading to improper access controls. The attack can be initiated remotely. The vendor was contacted about this disclosure but did not respond.Recommendations
For TOTOLINK A3700R version 9.1.2u.5822 B20200513, as a temporary workaround, consider disabling the
setScheduleCfg function until a patch is available. Restrict access to the /cgi-bin/cstecgi.cgi file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
Improper Access Control
Incorrect Privilege Assignment
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Totolink A3700R