CVE-2025-55895
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-12-15
Last updated on: 2025-12-17
Assigner: MITRE
Description
Description
TOTOLINK A3300R V17.0.0cu.557_B20221024 and N200RE V9.3.5u.6448_B20240521 and V9.3.5u.6437_B20230519 are vulnerable to Incorrect Access Control. Attackers can send payloads to the interface without logging in (remote).
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| totolink | a3300r_firmware | 17.0.0cu.557_b20221024 |
| totolink | a3300r | * |
| totolink | n200re_firmware | 9.3.5u.6437_b20230519 |
| totolink | n200re | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Incorrect Access Control issue in TOTOLINK A3300R and N200RE devices. It allows attackers to send payloads to the device interface remotely without needing to log in, potentially bypassing authentication mechanisms.
How can this vulnerability impact me? :
The vulnerability can allow unauthorized remote attackers to interact with the device interface without authentication, which may lead to unauthorized access, manipulation of device settings, or other malicious activities that compromise the security and functionality of the affected devices.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70