CVE-2025-3668: TOTOLINK A3700R cstecgi.cgi setScheduleCfg access control
First published: Wed Apr 16 2025(Updated: )
A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. It has been declared as critical. This vulnerability affects the function setScheduleCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Totolink A3700R Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-3668?
CVE-2025-3668 has been declared as a critical severity vulnerability.
What type of vulnerability is CVE-2025-3668?
CVE-2025-3668 is an improper access control vulnerability affecting the function setScheduleCfg.
How does CVE-2025-3668 affect the TOTOLINK A3700R?
CVE-2025-3668 allows remote attackers to manipulate certain settings due to improper access controls.
Can CVE-2025-3668 be exploited remotely?
Yes, CVE-2025-3668 can be exploited remotely by attackers.
How do I mitigate CVE-2025-3668?
To mitigate CVE-2025-3668, ensure that you apply the latest firmware update provided by TOTOLINK.
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/title
- agent/first-publish-date
- agent/description
- agent/type
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/author
- agent/source
- agent/severity
- agent/last-modified-date
- agent/tags
- agent/event
- vendor/totolink
- canonical/totolink a3700r firmware