CVE-2025-55895

CWE-284Improper Access Control3 documents3 sources
Severity
9.1CRITICAL
EPSS
0.1%
top 67.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Totolink A3300r FirmwareTotolink N200re Firmware
Timeline
PublishedDec 15

Description

TOTOLINK A3300R V17.0.0cu.557_B20221024 and N200RE V9.3.5u.6448_B20240521 and V9.3.5u.6437_B20230519 are vulnerable to Incorrect Access Control. Attackers can send payloads to the interface without logging in (remote).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 3.9 | Impact: 5.2

Affected Packages2 packages

NVDtotolink/a3300r_firmware17.0.0cu.557_b20221024
NVDtotolink/n200re_firmware9.3.5u.6437_b20230519

🔴Vulnerability Details

2
GHSA
GHSA-m6vv-4wpw-vqfc: TOTOLINK A3300R V172025-12-15
CVEList
CVE-2025-55895: TOTOLINK A3300R V172025-12-15
CVE-2025-55895 (CRITICAL CVSS 9.1) | TOTOLINK A3300R V17.0.0cu.557_B2022 | cvebase.io