Command Injection Vulnerability in TOTOLINK N200RE Router
CVE-2025-55893

6.5MEDIUM

Key Information:

Vendor: TOTOLINK
Status: N200RE
Vendor: CVE Published:; 15 December 2025

What is CVE-2025-55893?

The TOTOLINK N200RE router version V9.3.5u.6437_B20230519 is susceptible to a command injection vulnerability through the setOpModeCfg function when manipulating the hostName parameter. This weakness can potentially allow unauthorized access, enabling attackers to execute arbitrary commands and compromising the network integrity. Users are advised to apply security patches and follow best practices to mitigate risks associated with unauthorized command execution.

References

https://www.totolink.net/

https://github.com/l0tk3/CVES/blob/main/CVE-2025-55893.pdf

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 15, 2025
Vulnerability Reserved
Aug 16, 2025

JSON