ID

VAR-202503-2843


CVE

CVE-2025-2955


TITLE

TOTOLINK A3000RU firmware vulnerability regarding improper permission settings

Trust: 0.8

sources: JVNDB: JVNDB-2025-007952

DESCRIPTION

A vulnerability has been found in TOTOLINK A3000RU up to 5.9c.5185 and classified as problematic. This vulnerability affects unknown code of the file /cgi-bin/ExportIbmsConfig.sh of the component IBMS Configuration File Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The TOTOLINK A3000RU firmware contains vulnerabilities related to improper permission settings and access control. Information may be obtained. TOTOLINK A3000RU is a wireless router from China's Jiweng Electronics (TOTOLINK) company. No detailed vulnerability details are currently provided.

Trust: 2.16

sources: NVD: CVE-2025-2955 // JVNDB: JVNDB-2025-007952 // CNVD: CNVD-2025-12087

IOT TAXONOMY

category: ['Network device'] | sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-12087

AFFECTED PRODUCTS

vendor: totolink | model: a3000ru | scope: lte | version: 5.9c.5185

Trust: 1.0

vendor: totolink | model: a3000ru | scope: lte | version: a3000ru firmware 5.9c.5185 and earlier

Trust: 0.8

vendor: totolink | model: a3000ru | scope: eq | version: -

Trust: 0.8

vendor: totolink | model: a3000ru | scope: - | version: -

Trust: 0.8

vendor: totolink | model: a3000ru <=5.9c.5185 | scope: - | version: -

Trust: 0.6

sources: CNVD: CNVD-2025-12087 // JVNDB: JVNDB-2025-007952 // NVD: CVE-2025-2955

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-2955
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2025-007952
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2025-12087
value: MEDIUM

Trust: 0.6

cna@vuldb.com: CVE-2025-2955
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-007952
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2025-12087
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2025-2955
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

OTHER: JVNDB-2025-007952
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-12087 // JVNDB: JVNDB-2025-007952 // NVD: CVE-2025-2955

PROBLEMTYPE DATA

problemtype: CWE-284

Trust: 1.0

problemtype: CWE-266

Trust: 1.0

problemtype: Improper permission settings (CWE-266) [ others ]

Trust: 0.8

problemtype: Inappropriate access control (CWE-284) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-007952 // NVD: CVE-2025-2955

EXTERNAL IDS

db: NVD | id: CVE-2025-2955

Trust: 3.2

db: VULDB | id: 302008

Trust: 1.8

db: JVNDB | id: JVNDB-2025-007952

Trust: 0.8

db: CNVD | id: CNVD-2025-12087

Trust: 0.6

sources: CNVD: CNVD-2025-12087 // JVNDB: JVNDB-2025-007952 // NVD: CVE-2025-2955

REFERENCES

url:https://lavender-bicycle-a5a.notion.site/totolink-a3000ru-exportibmsconfig-1b953a41781f80b89397e8c34717eb94?pvs=4

Trust: 2.4

url:https://vuldb.com/?id.302008

Trust: 1.8

url:https://vuldb.com/?submit.521567

Trust: 1.8

url:https://www.totolink.net/

Trust: 1.8

url:https://vuldb.com/?ctiid.302008

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-2955

Trust: 0.8

sources: CNVD: CNVD-2025-12087 // JVNDB: JVNDB-2025-007952 // NVD: CVE-2025-2955

SOURCES

db: CNVD | id: CNVD-2025-12087
db: JVNDB | id: JVNDB-2025-007952
db: NVD | id: CVE-2025-2955

LAST UPDATE DATE

2025-07-05T23:20:23.154000+00:00


SOURCES UPDATE DATE

db: CNVD | id: CNVD-2025-12087 | date: 2025-06-11T00:00:00
db: JVNDB | id: JVNDB-2025-007952 | date: 2025-07-03T09:12:00
db: NVD | id: CVE-2025-2955 | date: 2025-07-02T18:04:07.640

SOURCES RELEASE DATE

db: CNVD | id: CNVD-2025-12087 | date: 2025-06-10T00:00:00
db: JVNDB | id: JVNDB-2025-007952 | date: 2025-07-03T00:00:00
db: NVD | id: CVE-2025-2955 | date: 2025-03-30T18:15:14.767