exploitDog

CVE-2025-13184

Опубликовано: 10 дек. 2025

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

Unauthenticated Telnet enablement via cstecgi.cgi (auth bypass) leading to unauthenticated root login with a blank password on factory/reset X5000R V9.1.0u.6369_B20230113 (arbitrary command execution). Earlier versions that share the same implementation, may also be affected.

Ссылки

https://hackingbydoing.wixsite.com/hackingbydoing/post/totolink-x5000r-ax1800-router-authentication-bypass
Exploit
Third Party Advisory
https://www.kb.cert.org/vuls/id/821724
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:totolink:x5000r_firmware:9.1.0u.6369_b20230113:*:*:*:*:*:*:*

cpe:2.3:h:totolink:x5000r:-:*:*:*:*:*:*:*

EPSS

Процентиль: 62%

0.0043

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-863

Связанные уязвимости

GHSA-xr55-5xvm-9rw7

CVSS3: 9.8

github

около 2 месяцев назад

Unauthenticated Telnet enablement via cstecgi.cgi (auth bypass) leading to unauthenticated root login with a blank password on factory/reset X5000R V9.1.0u.6369_B20230113 (arbitrary command execution). Earlier versions that share the same implementation, may also be affected.

EPSS

Процентиль: 62%

0.0043

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-863