CVE-2025-3668

5.3 MEDIUM

📋 TL;DR

This vulnerability allows remote attackers to bypass access controls on TOTOLINK A3700R routers via the setScheduleCfg function in the web interface. Attackers can manipulate schedule configurations without proper authentication. Users running the affected firmware version are at risk.

💻 Affected Systems

Products:
  • TOTOLINK A3700R
Versions: 9.1.2u.5822_B20200513
Operating Systems: Embedded router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the web management interface accessible via HTTP/HTTPS.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete router compromise allowing configuration changes, network traffic interception, or device takeover.

🟠 Likely Case

Unauthorized modification of router settings, potentially disrupting network services or enabling further attacks.

🟢 If Mitigated

No impact if proper network segmentation and access controls prevent external access to the router's web interface.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable and public exploit details exist.
🏢 Internal Only: MEDIUM - Internal attackers could exploit this if they have network access to the router.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly available and the vulnerability requires minimal technical skill to exploit.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.totolink.net/

Restart Required: Yes

Instructions:

1. Check the vendor website for firmware updates.
2. Download the latest firmware.
3. Log into the router admin panel.
4. Navigate to the firmware upgrade section.
5. Upload and apply the new firmware.
6. Reboot the router.

🔧 Temporary Workarounds

Disable Remote Management

all

Prevent external access to the router web interface

  • Log in to the router admin panel
  • Navigate to the Remote Management settings
  • Disable remote access/WAN administration

Network Segmentation

all

Isolate the router management interface from untrusted networks

  • Configure firewall rules to block external access to the router IP on ports 80/443
  • Use VLANs to separate management traffic

🧯 If You Can't Patch

  • Replace affected devices with supported models from different vendors
  • Implement strict network access controls to limit who can reach the router management interface

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin panel under System Status or Firmware Upgrade section.

Check Version:

Login to router web interface and check System Information page.

Verify Fix Applied:

Verify firmware version has changed from 9.1.2u.5822_B20200513 to a newer version.

📡 Detection & Monitoring

Log Indicators:

  • Unusual access to /cgi-bin/cstecgi.cgi with setScheduleCfg parameter
  • Multiple failed authentication attempts followed by configuration changes

Network Indicators:

  • HTTP POST requests to router IP on port 80/443 containing setScheduleCfg parameter
  • Unusual configuration changes from unexpected source IPs

SIEM Query:

source_ip=* AND dest_ip=[router_ip] AND (url_path="/cgi-bin/cstecgi.cgi" AND http_method="POST" AND url_query="*setScheduleCfg*")
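The log and network indicators above can be checked offline against a web server access log. The following script is an added example, not part of the original advisory or any vendor tooling: it parses combined-format access log lines, flags POST requests to /cgi-bin/cstecgi.cgi whose query string contains setScheduleCfg (the same match the SIEM query performs), and counts how many 401/403 responses the same source IP received beforehand, which covers the "failed authentication followed by configuration changes" indicator. The sample log lines are constructed for the example; the query parameter name used in them is an assumption, which is why the matcher looks for the substring rather than a specific parameter.

```python
import re
from urllib.parse import urlsplit

# Constructed sample access log (combined log format); not real traffic.
# The "topicurl=" parameter name is an assumption for illustration only.
SAMPLE_LOG = """\
192.168.1.10 - - [10/Apr/2025:12:00:01 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Apr/2025:12:00:05 +0000] "POST /cgi-bin/cstecgi.cgi HTTP/1.1" 401 12 "-" "curl/8.0"
203.0.113.5 - - [10/Apr/2025:12:00:06 +0000] "POST /cgi-bin/cstecgi.cgi HTTP/1.1" 401 12 "-" "curl/8.0"
this line is not a valid access log entry
203.0.113.5 - - [10/Apr/2025:12:00:07 +0000] "POST /cgi-bin/cstecgi.cgi?topicurl=setScheduleCfg HTTP/1.1" 200 45 "-" "curl/8.0"
192.168.1.10 - - [10/Apr/2025:12:01:00 +0000] "GET /cgi-bin/cstecgi.cgi?topicurl=getSysStatusCfg HTTP/1.1" 200 300 "-" "Mozilla/5.0"
"""

# Combined log format: ip ident user [timestamp] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

CGI_PATH = "/cgi-bin/cstecgi.cgi"   # endpoint named in the advisory
MARKER = "setScheduleCfg"           # function name named in the advisory


def parse_line(line):
    """Return a dict with ip, ts, method, path, query, status, or None if unparseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    parts = urlsplit(entry["target"])
    entry["path"] = parts.path
    entry["query"] = parts.query
    entry["status"] = int(entry["status"])
    return entry


def is_schedule_cfg_post(entry):
    """True for a POST to the CGI endpoint whose query string mentions setScheduleCfg."""
    return (
        entry["method"] == "POST"
        and entry["path"] == CGI_PATH
        and MARKER in entry["query"]
    )


def analyze(log_text):
    """Walk the log once; return {ip: {hits, prior_auth_failures, first_seen}} for flagged IPs."""
    auth_failures = {}   # ip -> number of 401/403 responses seen so far
    alerts = {}
    for raw in log_text.splitlines():
        entry = parse_line(raw)
        if entry is None:
            continue  # skip malformed lines rather than crash
        ip = entry["ip"]
        if entry["status"] in (401, 403):
            auth_failures[ip] = auth_failures.get(ip, 0) + 1
        if is_schedule_cfg_post(entry):
            alert = alerts.setdefault(
                ip, {"hits": 0, "prior_auth_failures": 0, "first_seen": entry["ts"]}
            )
            alert["hits"] += 1
            # failures counted up to this point give the "failed auth then config change" signal
            alert["prior_auth_failures"] = auth_failures.get(ip, 0)
    return alerts


if __name__ == "__main__":
    for ip, info in analyze(SAMPLE_LOG).items():
        print(f"{ip}: {info['hits']} setScheduleCfg POST(s), "
              f"{info['prior_auth_failures']} prior auth failure(s), first seen {info['first_seen']}")
```

One caveat applies to both this script and the SIEM query above: standard access logs record only the request line, not the POST body. If the function name is carried in the body rather than the URL, neither check will see it unless request body logging is enabled on the proxy or WAF in front of the router, so treat a zero-hit result as inconclusive rather than as proof of no activity.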
