CVE-2025-55895
CRITICAL EPSS 20.9%
Published Dec 15, 20256mo ago · Modified Jun 17, 20262w ago
9.1 CVSS 3.1
Published Dec 15, 2025 6mo ago
Last Modified Jun 17, 2026 2w ago
Description
TOTOLINK A3300R V17.0.0cu.557_B20221024 and N200RE V9.3.5u.6448_B20240521 and V9.3.5u.6437_B20230519 are vulnerable to Incorrect Access Control. Attackers can send payloads to the interface without logging in (remote).
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability None
Threat Intelligence
EPSS Exploit Probability
20.9% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available
Weaknesses 1
CWE-284
Affected Products 4
References 2
- github.com https://github.com/l0tk3/CVES/blob/main/CVE-2025-55895.pdf
- totolink.net https://www.totolink.net/
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.