CVE-2025-55895

CRITICAL EPSS 20.9%
Published Dec 15, 20256mo ago · Modified Jun 17, 20262w ago
9.1 CVSS 3.1
Critical
Find Similar
Published Dec 15, 2025 6mo ago
Last Modified Jun 17, 2026 2w ago

Description

TOTOLINK A3300R V17.0.0cu.557_B20221024 and N200RE V9.3.5u.6448_B20240521 and V9.3.5u.6437_B20230519 are vulnerable to Incorrect Access Control. Attackers can send payloads to the interface without logging in (remote).

CVSS Details

Base Score
9.1
Exploitability
3.9
Impact
5.2
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability None

Threat Intelligence

EPSS Exploit Probability
20.9% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-284

Affected Products 4

VendorProductVersionRange
totolinka3300r_firmware17.0.0cu.557_b20221024any
totolinka3300r*any
totolinkn200re_firmware9.3.5u.6437_b20230519any
totolinkn200re*any

References 2

  • github.com https://github.com/l0tk3/CVES/blob/main/CVE-2025-55895.pdf
    ExploitThird Party Advisory
  • totolink.net https://www.totolink.net/
    Product

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.