Incorrect Access Control Vulnerability in TOTOLINK Routers
CVE-2025-55895

9.1CRITICAL

Key Information:

Vendor: TOTOLINK
Status: A3300R and N200RE Routers
Vendor: CVE Published:; 15 December 2025

What is CVE-2025-55895?

TOTOLINK A3300R and N200RE routers are exposed to a vulnerability due to improper access control mechanisms. This flaw enables attackers to send malicious payloads to the device's interface without requiring authentication. As a result, unauthorized access can compromise the security of the devices, potentially leading to data breaches and network disruptions. Users are advised to update their firmware to mitigate the risks associated with this vulnerability.

References

https://www.totolink.net/

https://github.com/l0tk3/CVES/blob/main/CVE-2025-55895.pdf

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 15, 2025
Vulnerability Reserved
Aug 16, 2025

JSON