The vulnerability of the setWiFiEasyCfg/setWiFiEasyGuestCfg function in the /cgi-bin/cstecgi.cgi file of the TOTOLINK A3700R wireless router software allows a attacker to escalate their privileges.

🗓️ 23 May 2025 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 4 Views

Privilege escalation via setWiFiEasyCfg/setWiFiEasyGuestCfg in cstecgi.cgi on TOTOLINK A3700R.

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2025-3663	16 Apr 202502:55	–	circl
CNNVD	TOTOLINK A3700R 安全漏洞	16 Apr 202500:00	–	cnnvd
CNVD	TOTOLINK A3700R Improper Access Control Vulnerability	22 Apr 202500:00	–	cnvd
CVE	CVE-2025-3663	16 Apr 202502:31	–	cve
Cvelist	CVE-2025-3663 TOTOLINK A3700R Password cstecgi.cgi setWiFiEasyGuestCfg access control	16 Apr 202502:31	–	cvelist
EUVD	EUVD-2025-11470	3 Oct 202520:07	–	euvd
NVD	CVE-2025-3663	16 Apr 202503:15	–	nvd
OSV	CVE-2025-3663	16 Apr 202503:15	–	osv
Positive Technologies	PT-2025-16550 · Totolink · Totolink A3700R	15 Apr 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-3663	18 Apr 202502:49	–	redhatcve

Vulners

Node

totolink a3700rMatch9.1.2u.5822_b20200513

Source	Link
lavender-bicycle-a5a	www.lavender-bicycle-a5a.notion.site/TOTOLINK-A3700R-setWiFiEasyCfg-1cb53a41781f809f807efe1284f5eb1a
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
totolink	www.totolink.net/
web	www.web.nvd.nist.gov/view/vuln/detail

23 May 2025 00:00Current

5.8Medium risk

Vulners AI Score5.8

CVSS 25

CVSS 35.3

EPSS0.08042

Privilege escalation Access control deficiency Cstecgi vulnerability Totolink A3700R WiFi Easy Config