CVE-2025-3663 TOTOLINK A3700R Password cstecgi.cgi setWiFiEasyGuestCfg access control

🗓️ 16 Apr 2025 02:31:06Reported by VulDBType

Critical vulnerability in TOTOLINK A3700R allows remote access control manipulation.

Reporter	Title	Published	Views	Family All 11
BDU FSTEC	The vulnerability of the setWiFiEasyCfg/setWiFiEasyGuestCfg function in the /cgi-bin/cstecgi.cgi file of the TOTOLINK A3700R wireless router software allows a attacker to escalate their privileges.	23 May 202500:00	–	bdu_fstec
Circl	CVE-2025-3663	16 Apr 202502:55	–	circl
CNNVD	TOTOLINK A3700R 安全漏洞	16 Apr 202500:00	–	cnnvd
CNVD	TOTOLINK A3700R Improper Access Control Vulnerability	22 Apr 202500:00	–	cnvd
CVE	CVE-2025-3663	16 Apr 202502:31	–	cve
EUVD	EUVD-2025-11470	3 Oct 202520:07	–	euvd
NVD	CVE-2025-3663	16 Apr 202503:15	–	nvd
OSV	CVE-2025-3663	16 Apr 202503:15	–	osv
Positive Technologies	PT-2025-16550 · Totolink · Totolink A3700R	15 Apr 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-3663	18 Apr 202502:49	–	redhatcve

[
  {
    "vendor": "TOTOLINK",
    "product": "A3700R",
    "versions": [
      {
        "version": "9.1.2u.5822_B20200513",
        "status": "affected"
      }
    ],
    "modules": [
      "Password Handler"
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/
totolink	www.totolink.net/
vuldb	www.vuldb.com/
lavender-bicycle-a5a	www.lavender-bicycle-a5a.notion.site/TOTOLINK-A3700R-setWiFiEasyCfg-1cb53a41781f809f807efe1284f5eb1a
vuldb	www.vuldb.com/

16 Apr 2025 02:31Current

CVSS 25

CVSS 3.15.3

CVSS 35.3

CVSS 46.9

EPSS0.02149