PT-2025-51313 · Totolink · Totolink N200Re+1
L0Tk3
·
Published
2025-12-15
·
Updated
2025-12-21
·
CVE-2025-55895
CVSS v3.1
9.1
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
TOTOLINK A3300R version V17.0.0cu.557 B20221024
TOTOLINK N200RE versions V9.3.5u.6448 B20240521 and V9.3.5u.6437 B20230519
Description
The devices are susceptible to an Incorrect Access Control issue, allowing attackers to send payloads to the interface without authentication, enabling remote exploitation.
Recommendations
TOTOLINK A3300R version V17.0.0cu.557 B20221024: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
TOTOLINK N200RE version V9.3.5u.6448 B20240521: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
TOTOLINK N200RE version V9.3.5u.6437 B20230519: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Totolink A3300R
Totolink N200Re