CVE-2025-13184

Critical CVSS: 9.8

Unauthenticated Telnet enablement via cstecgi.cgi (auth bypass) leading to unauthenticated root login with a blank password on factory/reset X5000R V9.1.0u.6369_B20230113 (arbitrary command execution). Earlier versions that share the same implementation, may also be affected.

Vendor

Totolink

Product

X5000r Firmware

CWE

CWE-863

Yayın Tarihi

2025-12-10 13:16:02

Güncelleme

2025-12-19 19:27:20

Source Identifier

cret@cert.org

KEV Date Added

Kategoriler

CWE-863 X5000r Firmware CRITICAL Totolink 2025

Referanslar

https://hackingbydoing.wixsite.com/hackingbydoing/post/totolink-x5000r-ax1800-router-authentication-bypass https://www.kb.cert.org/vuls/id/821724

Benzer Kayıtlar

Critical

CVE-2026-31027

TOTOlink A3600R v5.9c.4959 contains a buffer overflow vulnerability in the setAppEasyWizardConfig interface of /lib/cste…

Medium

CVE-2026-5178

A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_b20221024. Affected by this issue is the func…

Medium

CVE-2026-5177

A weakness has been identified in Totolink A3300R 17.0.0cu.557_b20221024. Affected by this vulnerability is the function…

Medium

CVE-2026-5176

A security flaw has been discovered in Totolink A3300R 17.0.0cu.557_b20221024. Affected is the function setSyslogCfg of…

Medium

CVE-2026-5105

A vulnerability was detected in Totolink A3300R 17.0.0cu.557_b20221024. The affected element is the function setVpnPassC…

Medium

CVE-2026-5104

A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_b20221024. Impacted is the function setStatic…