CVE-2025-3667: TOTOLINK A3700R cstecgi.cgi setUPnPCfg access control
First published: Wed Apr 16 2025(Updated: )
A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. It has been classified as critical. This affects the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Totolink A3700R Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-3667?
CVE-2025-3667 is classified as a critical vulnerability.
How do I fix CVE-2025-3667?
To fix CVE-2025-3667, update the TOTOLINK A3700R firmware to the latest version that addresses this vulnerability.
What type of access does CVE-2025-3667 allow?
CVE-2025-3667 allows improper access controls, which can potentially lead to unauthorized remote attacks.
Which device is affected by CVE-2025-3667?
CVE-2025-3667 affects the TOTOLINK A3700R router.
Where in the software does CVE-2025-3667 occur?
CVE-2025-3667 occurs in the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi.
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/title
- agent/first-publish-date
- agent/description
- agent/type
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/source
- agent/author
- agent/severity
- agent/last-modified-date
- agent/tags
- agent/event
- vendor/totolink
- canonical/totolink a3700r firmware