cnvd - cnvd-2025-18926

CNVD-2025-18926

Vulnerability from cnvd - Published: 2025-08-20

Title

TOTOLINK A3700R命令注入漏洞

Description

TOTOLINK A3700R是一款无线路由器，由中国台湾网络设备制造商TOTOLINK（中国吉翁电子）推出。 TOTOLINK A3700R存在命令注入漏洞，漏洞位于/cgi-bin/cstecgi.cgi文件中，源于对hostName参数的处理不当。攻击者可利用该漏洞导致设备控制权获取，设备失效或被用于其他恶意活动等严重后果。

Severity

中

Patch Name

TOTOLINK A3700R命令注入漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级程序修复该安全问题，详情见厂商官网： https://www.totolink.net/home/menu/newstpl/menu_newstpl/products/id/207.html

Reference

https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3700R/setWanCfg.md https://vuldb.com/?submit.377080 https://vuldb.com/?ctiid.272574

Impacted products

Name
TOTOLINK A3700R 9.1.2u.5822_B20200513

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-7160",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2024-7160"
    }
  },
  "description": "TOTOLINK A3700R\u662f\u4e00\u6b3e\u65e0\u7ebf\u8def\u7531\u5668\uff0c\u7531\u4e2d\u56fd\u53f0\u6e7e\u7f51\u7edc\u8bbe\u5907\u5236\u9020\u5546TOTOLINK\uff08\u4e2d\u56fd\u5409\u7fc1\u7535\u5b50\uff09\u63a8\u51fa\u3002\n\nTOTOLINK A3700R\u5b58\u5728\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u6f0f\u6d1e\u4f4d\u4e8e/cgi-bin/cstecgi.cgi\u6587\u4ef6\u4e2d\uff0c\u6e90\u4e8e\u5bf9hostName\u53c2\u6570\u7684\u5904\u7406\u4e0d\u5f53\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u8bbe\u5907\u63a7\u5236\u6743\u83b7\u53d6\uff0c\u8bbe\u5907\u5931\u6548\u6216\u88ab\u7528\u4e8e\u5176\u4ed6\u6076\u610f\u6d3b\u52a8\u7b49\u4e25\u91cd\u540e\u679c\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u7a0b\u5e8f\u4fee\u590d\u8be5\u5b89\u5168\u95ee\u9898\uff0c\u8be6\u60c5\u89c1\u5382\u5546\u5b98\u7f51\uff1a\r\nhttps://www.totolink.net/home/menu/newstpl/menu_newstpl/products/id/207.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-18926",
  "openTime": "2025-08-20",
  "patchDescription": "TOTOLINK A3700R\u662f\u4e00\u6b3e\u65e0\u7ebf\u8def\u7531\u5668\uff0c\u7531\u4e2d\u56fd\u53f0\u6e7e\u7f51\u7edc\u8bbe\u5907\u5236\u9020\u5546TOTOLINK\uff08\u4e2d\u56fd\u5409\u7fc1\u7535\u5b50\uff09\u63a8\u51fa\u3002\r\n\r\nTOTOLINK A3700R\u5b58\u5728\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u6f0f\u6d1e\u4f4d\u4e8e/cgi-bin/cstecgi.cgi\u6587\u4ef6\u4e2d\uff0c\u6e90\u4e8e\u5bf9hostName\u53c2\u6570\u7684\u5904\u7406\u4e0d\u5f53\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u8bbe\u5907\u63a7\u5236\u6743\u83b7\u53d6\uff0c\u8bbe\u5907\u5931\u6548\u6216\u88ab\u7528\u4e8e\u5176\u4ed6\u6076\u610f\u6d3b\u52a8\u7b49\u4e25\u91cd\u540e\u679c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "TOTOLINK A3700R\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "TOTOLINK A3700R 9.1.2u.5822_B20200513"
  },
  "referenceLink": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3700R/setWanCfg.md\r\nhttps://vuldb.com/?submit.377080\r\nhttps://vuldb.com/?ctiid.272574",
  "serverity": "\u4e2d",
  "submitTime": "2024-07-29",
  "title": "TOTOLINK A3700R\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e"
}

CVE-2024-7160 (GCVE-0-2024-7160)

Vulnerability from cvelistv5 – Published: 2024-07-28 15:00 – Updated: 2024-08-01 21:52

Title

TOTOLINK A3700R cstecgi.cgi setWanCfg command injection

Summary

A vulnerability classified as critical has been found in TOTOLINK A3700R 9.1.2u.5822_B20200513. Affected is the function setWanCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-272574 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Severity ?

5.3 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

6.3 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE

CWE-77 - Command Injection

Assigner

VulDB

References

URL

Tags

	https://vuldb.com/?id.272574	vdb-entrytechnical-description
	https://vuldb.com/?ctiid.272574	signaturepermissions-required
	https://vuldb.com/?submit.377080	third-party-advisory
	https://github.com/abcdefg-png/IoT-vulnerable/blo…	exploit

Impacted products

	Vendor	Product	Version
	TOTOLINK	A3700R	Affected: 9.1.2u.5822_B20200513

Credits

yhryhryhr_tu (VulDB User)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:totolink:a3700r_firmware:9.1.2u.5822_b20200513:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "a3700r_firmware",
            "vendor": "totolink",
            "versions": [
              {
                "status": "affected",
                "version": "9.1.2u.5822_b20200513"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7160",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-29T13:29:48.121455Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-29T13:30:39.583Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:52:30.737Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VDB-272574 | TOTOLINK A3700R cstecgi.cgi setWanCfg command injection",
            "tags": [
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.272574"
          },
          {
            "name": "VDB-272574 | CTI Indicators (IOB, IOC, TTP, IOA)",
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.272574"
          },
          {
            "name": "Submit #377080 | TOTOLINK A3700R V9.1.2u.5822_B20200513 Command Injection",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?submit.377080"
          },
          {
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3700R/setWanCfg.md"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "A3700R",
          "vendor": "TOTOLINK",
          "versions": [
            {
              "status": "affected",
              "version": "9.1.2u.5822_B20200513"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "yhryhryhr_tu (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability classified as critical has been found in TOTOLINK A3700R 9.1.2u.5822_B20200513. Affected is the function setWanCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-272574 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Es wurde eine kritische Schwachstelle in TOTOLINK A3700R 9.1.2u.5822_B20200513 entdeckt. Betroffen hiervon ist die Funktion setWanCfg der Datei /cgi-bin/cstecgi.cgi. Mittels dem Manipulieren des Arguments hostName mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6.5,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77 Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-28T15:00:07.203Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-272574 | TOTOLINK A3700R cstecgi.cgi setWanCfg command injection",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.272574"
        },
        {
          "name": "VDB-272574 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.272574"
        },
        {
          "name": "Submit #377080 | TOTOLINK A3700R V9.1.2u.5822_B20200513 Command Injection",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.377080"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3700R/setWanCfg.md"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-07-27T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-07-27T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-07-27T20:50:37.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "TOTOLINK A3700R cstecgi.cgi setWanCfg command injection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-7160",
    "datePublished": "2024-07-28T15:00:07.203Z",
    "dateReserved": "2024-07-27T18:43:00.373Z",
    "dateUpdated": "2024-08-01T21:52:30.737Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2025-18926

CVE-2024-7160 (GCVE-0-2024-7160)

Tags

Sightings

Nomenclature