CVE-2025-55895

Published: Dec 15, 2025Modified: Dec 17, 2025

9.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Exploitability: 3.9 / Impact: 5.2

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

TOTOLINK A3300R V17.0.0cu.557_B20221024 and N200RE V9.3.5u.6448_B20240521 and V9.3.5u.6437_B20230519 are vulnerable to Incorrect Access Control. Attackers can send payloads to the interface without logging in (remote).

Affected (2)

Products: Totolink: A3300r Firmware, N200re Firmware

Totolink

2 products

A3300r Firmware

N200re Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Totolink A3300r Firmware	Version 17.0.0cu.557_b20221024

Running on/with	Platform Versions
Totolink A3300r	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Totolink N200re Firmware	Version 9.3.5u.6437_b20230519

Running on/with	Platform Versions
Totolink N200re	All versions

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

https://github.com/l0tk3/CVES/blob/main/CVE-2025-55895.pdf

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.totolink.net/

Source: cve@mitre.org

Product

Timeline

No history available yet.