l0tk3/CVES

Releases0

Descriptions of various CVEs

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-55895 ↗	Dec 15, 2025Monday, 15 December 2025, 21:15	9.1 CRITICAL	—
TOTOLINK A3300R V17.0.0cu.557_B20221024 and N200RE V9.3.5u.6448_B20240521 and V9.3.5u.6437_B20230519 are vulnerable to Incorrect Access Control. Attackers can send payloads to the interface without logging in (remote).
CVE-2025-55893 ↗	Dec 15, 2025Monday, 15 December 2025, 17:15	6.5 MEDIUM	—
TOTOLINK N200RE V9.3.5u.6437_B20230519 is vulnerable to command Injection in setOpModeCfg via hostName.
CVE-2025-55901 ↗	Dec 15, 2025Monday, 15 December 2025, 17:15	6.5 MEDIUM	—
TOTOLINK A3300R V17.0.0cu.596_B20250515 is vulnerable to command injection in the function NTPSyncWithHost via the host_time parameter.