Details of VAR-202508-2106

ID

VAR-202508-2106

CVE

CVE-2025-55584

TITLE

TOTOLINK of A3002R Firmware vulnerability related to the use of weak credentials

Trust: 0.8

sources: JVNDB: JVNDB-2025-012094

DESCRIPTION

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain insecure credentials for the telnet service and root account. TOTOLINK of A3002R The firmware is vulnerable to the use of weak credentials.Information may be obtained

Trust: 1.62

sources: NVD: CVE-2025-55584 // JVNDB: JVNDB-2025-012094

AFFECTED PRODUCTS

vendor:	totolink	model:	a3002r	scope:	eq	version:	4.0.0-b20230531.1404	Trust: 1.0
vendor:	totolink	model:	a3002r	scope:	-	version:	-	Trust: 0.8
vendor:	totolink	model:	a3002r	scope:	eq	version:	-	Trust: 0.8
vendor:	totolink	model:	a3002r	scope:	eq	version:	a3002r firmware 4.0.0-b20230531.1404	Trust: 0.8

sources: JVNDB: JVNDB-2025-012094 // NVD: CVE-2025-55584

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2025-55584
value:	MEDIUM
Trust: 1.0
OTHER:	JVNDB-2025-012094
value:	MEDIUM
Trust: 0.8

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2025-55584
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2025-012094
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2025-012094 // NVD: CVE-2025-55584

PROBLEMTYPE DATA

problemtype:	CWE-1391	Trust: 1.0
problemtype:	Using weak credentials (CWE-1391) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-012094 // NVD: CVE-2025-55584

EXTERNAL IDS

db:	NVD	id:	CVE-2025-55584	Trust: 2.6
db:	JVNDB	id:	JVNDB-2025-012094	Trust: 0.8

sources: JVNDB: JVNDB-2025-012094 // NVD: CVE-2025-55584

REFERENCES

url:	https://github.com/goldenglow21/softwares_poc/blob/main/a3002r_v4/telnet/poc.md	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2025-55584	Trust: 0.8

sources: JVNDB: JVNDB-2025-012094 // NVD: CVE-2025-55584

SOURCES

db:	JVNDB	id:	JVNDB-2025-012094
db:	NVD	id:	CVE-2025-55584

LAST UPDATE DATE

2025-08-24T23:03:39.380000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2025-012094	date:	2025-08-22T06:02:00
db:	NVD	id:	CVE-2025-55584	date:	2025-08-21T14:10:05.993

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2025-012094	date:	2025-08-22T00:00:00
db:	NVD	id:	CVE-2025-55584	date:	2025-08-18T20:15:30.467