CVE 9.1 CRITICAL

CVE-2025-55895_CVE-2025-55895

December 16, 2025 invoker category_cve

9.1 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Description

TOTOLINK A3300R V17.0.0cu.557_B20221024 and N200RE V9.3.5u.6448_B20240521 and V9.3.5u.6437_B20230519 are vulnerable to Incorrect Access Control. Attackers can send payloads to the interface without logging in (remote).

AI Analysis

Incorrect Access Control vulnerability in TOTOLINK A3300R and N200RE, allowing remote attackers to send payloads without logging in.

Basic Information

ID CVE-2025-55895

Source mitre

Published Dec 15, 2025 at 00:00

Modified Dec 16, 2025 at 14:36

Affected Product

Vendor TOTOLINK

Product TOTOLINK A3300R, TOTOLINK N200RE

Version V17.0.0cu.557_B20221024, V9.3.5u.6448_B20240521, V9.3.5u.6437_B20230519

Affected Versions n/a n/a n/a

CWE Classification

CWE-284

AI Assessment

AI Score 9.1 / 10

AI Severity Critical

Vendor TOTOLINK

Product TOTOLINK A3300R, TOTOLINK N200RE

Version V17.0.0cu.557_B20221024, V9.3.5u.6448_B20240521, V9.3.5u.6437_B20230519

References

{
    "lastseen": "",
    "description": "TOTOLINK A3300R V17.0.0cu.557_B20221024 and N200RE V9.3.5u.6448_B20240521 and V9.3.5u.6437_B20230519 are vulnerable to Incorrect Access Control. Attackers can send payloads to the interface without logging in (remote).",
    "published": "2025-12-15T00:00:00.000Z",
    "modified": "2025-12-16T14:36:18.097Z",
    "type": "cve",
    "title": "CVE-2025-55895",
    "source": "mitre",
    "references": "https://www.totolink.net/\nhttps://github.com/l0tk3/CVES/blob/main/CVE-2025-55895.pdf",
    "id": "CVE-2025-55895",
    "bulletinFamily": "",
    "cwe": [
        "CWE-284"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 9.1,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "TOTOLINK A3300R, TOTOLINK N200RE",
    "version": "V17.0.0cu.557_B20221024, V9.3.5u.6448_B20240521, V9.3.5u.6437_B20230519",
    "vendor": "TOTOLINK",
    "ai_description": "Incorrect Access Control vulnerability in TOTOLINK A3300R and N200RE, allowing remote attackers to send payloads without logging in.",
    "ai_severity": "Critical",
    "ai_vendor": "TOTOLINK",
    "ai_product": "TOTOLINK A3300R, TOTOLINK N200RE",
    "ai_version": "V17.0.0cu.557_B20221024, V9.3.5u.6448_B20240521, V9.3.5u.6437_B20230519",
    "ai_score": 9.1
}

💭 Join the Security Discussion ❌ Cancel Reply