CVE-2025-55901

CWE-77Command Injection3 documents3 sources
Severity
6.5MEDIUM
EPSS
0.6%
top 30.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Totolink A3300r Firmware
Timeline
PublishedDec 15

Description

TOTOLINK A3300R V17.0.0cu.596_B20250515 is vulnerable to command injection in the function NTPSyncWithHost via the host_time parameter.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

NVDtotolink/a3300r_firmware17.0.0cu.596_b20250515

🔴Vulnerability Details

2
GHSA
GHSA-v326-89w4-85qq: TOTOLINK A3300R V172025-12-15
CVEList
CVE-2025-55901: TOTOLINK A3300R V172025-12-15
CVE-2025-55901 (MEDIUM CVSS 6.5) | TOTOLINK A3300R V17.0.0cu.596_B2025 | cvebase.io