exploitDog

CVE-2025-68707

Опубликовано: 13 янв. 2026

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

An authentication bypass vulnerability in the Tongyu AX1800 Wi-Fi 6 Router with firmware 1.0.0 allows unauthenticated network-adjacent attackers to perform arbitrary configuration changes without providing credentials, as long as a valid admin session is active. This can result in full compromise of the device (i.e., via unauthenticated access to /boaform/formSaveConfig and /boaform/admin endpoints).

Ссылки

EPSS

Процентиль: 13%

0.00043

Низкий

8.8 High

CVSS3

Дефекты

CWE-288

Связанные уязвимости

GHSA-rjw7-q63j-3h5r

CVSS3: 8.8

github

25 дней назад

An authentication bypass vulnerability in the Tongyu AX1800 Wi-Fi 6 Router with firmware 1.0.0 allows unauthenticated network-adjacent attackers to perform arbitrary configuration changes without providing credentials, as long as a valid admin session is active. This can result in full compromise of the device (i.e., via unauthenticated access to /boaform/formSaveConfig and /boaform/admin endpoints).

EPSS

Процентиль: 13%

0.00043

Низкий

8.8 High

CVSS3

Дефекты

CWE-288