Totolink A3700R Firmware vulnerabilities
43 known vulnerabilities affecting totolink/a3700r_firmware.
Total CVEs
43
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL17HIGH15MEDIUM11
Vulnerabilities
Page 1 of 3
CVE-2026-1143HIGHCVSS 7.4v9.1.2u.5822_b202005132026-01-19
CVE-2026-1143 [HIGH] CWE-119 CVE-2026-1143: A weakness has been identified in TOTOLINK A3700R 9.1.2u.5822_B20200513. This affects the function s
A weakness has been identified in TOTOLINK A3700R 9.1.2u.5822_B20200513. This affects the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument ssid can lead to buffer overflow. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.
nvd
CVE-2025-3665MEDIUMCVSS 6.9v9.1.2u.5822_b202005132025-04-16
CVE-2025-3665 [MEDIUM] CWE-266 CVE-2025-3665: A vulnerability has been found in TOTOLINK A3700R 9.1.2u.5822_B20200513 and classified as critical.
A vulnerability has been found in TOTOLINK A3700R 9.1.2u.5822_B20200513 and classified as critical. Affected by this vulnerability is the function setSmartQosCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The ven
nvd
CVE-2025-3664MEDIUMCVSS 6.9v9.1.2u.5822_b202005132025-04-16
CVE-2025-3664 [MEDIUM] CWE-266 CVE-2025-3664: A vulnerability, which was classified as critical, was found in TOTOLINK A3700R 9.1.2u.5822_B2020051
A vulnerability, which was classified as critical, was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. Affected is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor
nvd
CVE-2025-3675MEDIUMCVSS 6.9v9.1.2u.5822_b202005132025-04-16
CVE-2025-3675 [MEDIUM] CWE-266 CVE-2025-3675: A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. It has been rated as critical. A
A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. It has been rated as critical. Affected by this issue is the function setL2tpServerCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
nvd
CVE-2025-3668MEDIUMCVSS 6.9v9.1.2u.5822_b202005132025-04-16
CVE-2025-3668 [MEDIUM] CWE-266 CVE-2025-3668: A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. It has been declared as critical
A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. It has been declared as critical. This vulnerability affects the function setScheduleCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor
nvd
CVE-2025-3666MEDIUMCVSS 6.9v9.1.2u.5822_b202005132025-04-16
CVE-2025-3666 [MEDIUM] CWE-266 CVE-2025-3666: A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513 and classified as critical. Affec
A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513 and classified as critical. Affected by this issue is the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacte
nvd
CVE-2025-3663MEDIUMCVSS 6.9v9.1.2u.5822_b202005132025-04-16
CVE-2025-3663 [MEDIUM] CWE-266 CVE-2025-3663: A vulnerability, which was classified as critical, has been found in TOTOLINK A3700R 9.1.2u.5822_B20
A vulnerability, which was classified as critical, has been found in TOTOLINK A3700R 9.1.2u.5822_B20200513. This issue affects the function setWiFiEasyCfg/setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi of the component Password Handler. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been
nvd
CVE-2025-3674MEDIUMCVSS 6.9v9.1.2u.5822_b202005132025-04-16
CVE-2025-3674 [MEDIUM] CWE-266 CVE-2025-3674: A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. It has been declared as critical
A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. It has been declared as critical. Affected by this vulnerability is the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
nvd
CVE-2025-3667MEDIUMCVSS 6.9v9.1.2u.5822_b202005132025-04-16
CVE-2025-3667 [MEDIUM] CWE-266 CVE-2025-3667: A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. It has been classified as critic
A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. It has been classified as critical. This affects the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was c
nvd
CVE-2024-42545CRITICALCVSS 9.8v9.1.2u.5822_b202005132024-08-12
CVE-2024-42545 [CRITICAL] CWE-120 CVE-2024-42545: TOTOLINK A3700R v9.1.2u.5822_B20200513 has a buffer overflow vulnerability in the ssid parameter in
TOTOLINK A3700R v9.1.2u.5822_B20200513 has a buffer overflow vulnerability in the ssid parameter in setWizardCfg function.
nvd
CVE-2024-42543CRITICALCVSS 9.8v9.1.2u.5822_b202005132024-08-12
CVE-2024-42543 [CRITICAL] CWE-120 CVE-2024-42543: TOTOLINK A3700R v9.1.2u.5822_B20200513 has a buffer overflow vulnerability in the http_host paramete
TOTOLINK A3700R v9.1.2u.5822_B20200513 has a buffer overflow vulnerability in the http_host parameter in the loginauth function.
nvd
CVE-2024-7160MEDIUMCVSS 5.3v9.1.2u.5822_b202005132024-07-28
CVE-2024-7160 [MEDIUM] CWE-77 CVE-2024-7160: A vulnerability classified as critical has been found in TOTOLINK A3700R 9.1.2u.5822_B20200513. Affe
A vulnerability classified as critical has been found in TOTOLINK A3700R 9.1.2u.5822_B20200513. Affected is the function setWanCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-272574
nvd
CVE-2024-7156MEDIUMCVSS 6.9v9.1.2u.5822_b202005132024-07-28
CVE-2024-7156 [MEDIUM] CWE-200 CVE-2024-7156: A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513 and classified as problematic. Af
A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513 and classified as problematic. Affected by this issue is some unknown functionality of the file /cgi-bin/ExportSettings.sh of the component apmib Configuration Handler. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed
nvd
CVE-2024-7154MEDIUMCVSS 5.3v9.1.2u.5822_b202005132024-07-28
CVE-2024-7154 [MEDIUM] CWE-284 CVE-2024-7154: A vulnerability, which was classified as problematic, was found in TOTOLINK A3700R 9.1.2u.5822_B2020
A vulnerability, which was classified as problematic, was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. Affected is an unknown function of the file /wizard.html of the component Password Reset Handler. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and ma
nvd
CVE-2024-37637CRITICALCVSS 9.8v9.1.2u.6165_202110122024-06-14
CVE-2024-37637 [CRITICAL] CWE-120 CVE-2024-37637: TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid5g in the f
TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid5g in the function setWizardCfg.
nvd
CVE-2024-37640HIGHCVSS 8.8v9.1.2u.6165_202110122024-06-14
CVE-2024-37640 [HIGH] CWE-121 CVE-2024-37640: TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid5g in the f
TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid5g in the function setWiFiEasyGuestCfg.
nvd
CVE-2024-37639HIGHCVSS 8.8v9.1.2u.6165_202110122024-06-14
CVE-2024-37639 [HIGH] CWE-121 CVE-2024-37639: TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via eport in the fu
TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via eport in the function setIpPortFilterRules.
nvd
CVE-2024-37632CRITICALCVSS 9.8v9.1.2u.6165_202110122024-06-13
CVE-2024-37632 [CRITICAL] CWE-120 CVE-2024-37632: TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via the password pa
TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via the password parameter in function loginAuth .
nvd
CVE-2024-37635CRITICALCVSS 9.8v9.1.2u.6165_202110122024-06-13
CVE-2024-37635 [CRITICAL] CWE-120 CVE-2024-37635: TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the fun
TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the function setWiFiBasicCfg
nvd
CVE-2024-37634CRITICALCVSS 9.8v9.1.2u.6165_202110122024-06-13
CVE-2024-37634 [CRITICAL] CWE-121 CVE-2024-37634: TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the fun
TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the function setWiFiEasyCfg.
nvd
1 / 3Next →