CVE-2024-7154

MEDIUM

TOTOLINK A3700R 9.1.2u.5822_B20200513 - Improper Access Control in Password Reset Handler

Title source: llm

Description

A vulnerability, which was classified as problematic, was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. Affected is an unknown function of the file /wizard.html of the component Password Reset Handler. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272568. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

References (4)

Core 4

Core References

Third Party Advisory vdb-entry

https://vuldb.com/?id.272568

Permissions Required, Third Party Advisory signature permissions-required

https://vuldb.com/?ctiid.272568

Third Party Advisory third-party-advisory

https://vuldb.com/?submit.377463

Exploit exploit

https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3700R/setWizardCfg_changepw.md

Scores

CVSS v3 4.3

EPSS 0.0009

EPSS Percentile 25.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-284 CWE-306

Status published

Products (1)

totolink/a3700r_firmware 9.1.2u.5822_b20200513

Published Jul 28, 2024

Tracked Since Feb 18, 2026