CVE-2025-3664: TOTOLINK A3700R cstecgi.cgi setWiFiEasyGuestCfg access control
First published: Wed Apr 16 2025(Updated: )
A vulnerability, which was classified as critical, was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. Affected is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Totolink A3700R Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-3664?
CVE-2025-3664 is classified as a critical vulnerability.
What functionality is affected by CVE-2025-3664?
CVE-2025-3664 affects the setWiFiEasyGuestCfg function in the /cgi-bin/cstecgi.cgi file.
What type of access control issue is present in CVE-2025-3664?
CVE-2025-3664 involves improper access controls that could be exploited remotely.
Can CVE-2025-3664 be exploited remotely?
Yes, CVE-2025-3664 can be exploited remotely.
How can users mitigate CVE-2025-3664?
Users should update their TOTOLINK A3700R device firmware to the latest version to mitigate CVE-2025-3664.
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/title
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/author
- agent/severity
- agent/last-modified-date
- agent/source
- agent/tags
- agent/event
- vendor/totolink
- canonical/totolink a3700r firmware