ID

VAR-202508-2106


CVE

CVE-2025-55584


TITLE

TOTOLINK A3002R firmware vulnerability related to the use of weak credentials

Trust: 0.8

sources: JVNDB: JVNDB-2025-012094

DESCRIPTION

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain insecure credentials for the telnet service and root account. The TOTOLINK A3002R firmware is vulnerable to the use of weak credentials. Information may be obtained. The TOTOLINK A3002R is a wireless router manufactured by the Chinese company TOTOLINK. Its primary function is to provide wireless network connectivity for homes and small offices. Further vulnerability details are not available at this time.

Trust: 2.16

sources: NVD: CVE-2025-55584 // JVNDB: JVNDB-2025-012094 // CNVD: CNVD-2025-20937

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-20937

AFFECTED PRODUCTS

vendor: totolink, model: a3002r, scope: eq, version: 4.0.0-b20230531.1404

Trust: 1.0

vendor: totolink, model: a3002r, scope: -, version: -

Trust: 0.8

vendor: totolink, model: a3002r, scope: eq, version: -

Trust: 0.8

vendor: totolink, model: a3002r, scope: eq, version: a3002r firmware 4.0.0-b20230531.1404

Trust: 0.8

vendor: totolink, model: a3002r v4.0.0-b20230531.1404, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2025-20937 // JVNDB: JVNDB-2025-012094 // NVD: CVE-2025-55584

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-55584
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2025-012094
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2025-20937
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2025-20937
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-55584
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

OTHER: JVNDB-2025-012094
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-20937 // JVNDB: JVNDB-2025-012094 // NVD: CVE-2025-55584

PROBLEMTYPE DATA

problemtype: CWE-1391

Trust: 1.0

problemtype: Using weak credentials (CWE-1391) [others]

Trust: 0.8

sources: JVNDB: JVNDB-2025-012094 // NVD: CVE-2025-55584

EXTERNAL IDS

db: NVD, id: CVE-2025-55584

Trust: 3.2

db: JVNDB, id: JVNDB-2025-012094

Trust: 0.8

db: CNVD, id: CNVD-2025-20937

Trust: 0.6

sources: CNVD: CNVD-2025-20937 // JVNDB: JVNDB-2025-012094 // NVD: CVE-2025-55584

REFERENCES

url: https://github.com/goldenglow21/softwares_poc/blob/main/a3002r_v4/telnet/poc.md

Trust: 2.4

url: https://nvd.nist.gov/vuln/detail/cve-2025-55584

Trust: 0.8

sources: CNVD: CNVD-2025-20937 // JVNDB: JVNDB-2025-012094 // NVD: CVE-2025-55584

SOURCES

db: CNVD, id: CNVD-2025-20937
db: JVNDB, id: JVNDB-2025-012094
db: NVD, id: CVE-2025-55584

LAST UPDATE DATE

2025-09-12T23:41:02.598000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-20937, date: 2025-09-10T00:00:00
db: JVNDB, id: JVNDB-2025-012094, date: 2025-08-22T06:02:00
db: NVD, id: CVE-2025-55584, date: 2025-08-21T14:10:05.993

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-20937, date: 2025-09-10T00:00:00
db: JVNDB, id: JVNDB-2025-012094, date: 2025-08-22T00:00:00
db: NVD, id: CVE-2025-55584, date: 2025-08-18T20:15:30.467