Command Injection Vulnerability in TOTOLINK A3300R Router
CVE-2025-55901
6.5 MEDIUM
What is CVE-2025-55901?
The TOTOLINK A3300R router is susceptible to a command injection vulnerability through the NTPSyncWithHost function. This issue arises from improper handling of the host_time parameter, allowing an attacker to execute arbitrary commands on the device. Ensuring timely updates and security measures is crucial for protecting affected units from potential exploitation.
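An added example (not TOTOLINK's code and not part of the original record) of strict allow-list validation for a host_time-style value, so the result can be handed to a time API such as mktime() and clock_settime() instead of being placed on a shell command line. The "YYYY-MM-DD HH:MM:SS" format and the name parse_host_time are assumptions; the page does not state the parameter's format.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Assumed format for host_time (not stated on the page): "YYYY-MM-DD HH:MM:SS". */
#define HOST_TIME_LEN 19

static int two(const char *p) { return (p[0] - '0') * 10 + (p[1] - '0'); }

static int days_in_month(int y, int m) {
    static const int d[] = {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31};
    int leap = (y % 4 == 0 && y % 100 != 0) || y % 400 == 0;
    return (m == 2 && leap) ? 29 : d[m - 1];
}

/* Hypothetical helper: returns 0 and fills *out only on an exact template match. */
int parse_host_time(const char *s, struct tm *out) {
    static const char tmpl[] = "dddd-dd-dd dd:dd:dd";
    if (s == NULL || out == NULL || strlen(s) != HOST_TIME_LEN) return -1;
    for (size_t i = 0; i < HOST_TIME_LEN; i++) {
        if (tmpl[i] == 'd') {
            if (!isdigit((unsigned char)s[i])) return -1;
        } else if (s[i] != tmpl[i]) {
            return -1; /* separator missing, or any other byte, shell metacharacters included */
        }
    }
    int y = two(s) * 100 + two(s + 2);
    int mo = two(s + 5), d = two(s + 8);
    int h = two(s + 11), mi = two(s + 14), se = two(s + 17);
    if (y < 1970 || mo < 1 || mo > 12) return -1;
    if (d < 1 || d > days_in_month(y, mo)) return -1;
    if (h > 23 || mi > 59 || se > 59) return -1;
    memset(out, 0, sizeof *out);
    out->tm_year = y - 1900; out->tm_mon = mo - 1; out->tm_mday = d;
    out->tm_hour = h; out->tm_min = mi; out->tm_sec = se;
    return 0;
}

int main(void) {
    /* Constructed sample inputs. */
    const char *samples[] = {"2025-08-01 12:30:00", "2025-08-01 12:30:00;id", "2025-02-30 00:00:00"};
    struct tm tm;
    for (size_t i = 0; i < 3; i++)
        printf("%-26s -> %s\n", samples[i], parse_host_time(samples[i], &tm) == 0 ? "accepted" : "rejected");
    return 0;
}
```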
CVSS V3.1
Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
