PT-2025-16561 · Totolink · Totolink A3700R

Yhryhryhr_Tu

Published

2025-04-15

Updated

2025-04-22

CVE-2025-3674

CVSS v4.0

6.9

Medium

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Name of the Vulnerable Software and Affected Versions TOTOLINK A3700R version 9.1.2u.5822 B20200513

Description A critical issue affects the setUrlFilterRules function of the /cgi-bin/cstecgi.cgi file, leading to improper access controls. The issue can be exploited remotely.

Recommendations For TOTOLINK A3700R version 9.1.2u.5822 B20200513, as a temporary workaround, consider disabling the setUrlFilterRules function until a patch is available. Restrict access to the /cgi-bin/cstecgi.cgi file to minimize the risk of exploitation.

Exploit

Fix

Improper Access Control

Incorrect Privilege Assignment

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-266

Related Identifiers

BDU:2025-05802

CVE-2025-3674

Affected Products

Totolink A3700R

PT-2025-16561 · Totolink · Totolink A3700R

CVE-2025-3674

Weakness Enumeration

Related Identifiers

Affected Products

References · 13