Unauthenticated Telnet enablement via cstecgi.cgi (auth bypass) leading to unauthenticated...

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

Unauthenticated Telnet enablement via cstecgi.cgi (auth bypass) leading to unauthenticated root login with a blank password on factory/reset X5000R V9.1.0u.6369_B20230113 (arbitrary command execution). Earlier versions that share the same implementation, may also be affected.

AI Analysis

Unauthenticated Telnet enablement and root login via auth bypass in Toto Link X5000R AX1800 router

Basic Information

ID CVE-2025-13184

Source certcc

Published Dec 10, 2025 at 12:34

Modified Dec 10, 2025 at 15:21

Affected Product

Vendor Toto Link

Product X5000R's (AX1800 router)

Version V9.1.0u.6369_B20230113

Affected Versions Toto Link X5000R's (AX1800 router) 0

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor Toto Link

Product X5000R AX1800 router

Version V9.1.0u.6369_B20230113

References

hackingbydoing.wixsite.com /hackingbydoing/post/totolink-x5000r-ax1800-router-authentication-bypass

{
    "lastseen": "",
    "description": "Unauthenticated Telnet enablement via cstecgi.cgi (auth bypass) leading to unauthenticated root login with a blank password on factory/reset X5000R V9.1.0u.6369_B20230113 (arbitrary command execution). Earlier versions that share the same implementation, may also be affected.",
    "published": "2025-12-10T12:34:54.590Z",
    "modified": "2025-12-10T15:21:20.666Z",
    "type": "cve",
    "title": "Unauthenticated Telnet enablement via cstecgi.cgi (auth bypass) leading to unauthenticated root login with a blank password",
    "source": "certcc",
    "references": "https://hackingbydoing.wixsite.com/hackingbydoing/post/totolink-x5000r-ax1800-router-authentication-bypass",
    "id": "CVE-2025-13184",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Toto Link X5000R's (AX1800 router) 0",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "X5000R's (AX1800 router)",
    "version": "V9.1.0u.6369_B20230113",
    "vendor": "Toto Link",
    "ai_description": "Unauthenticated Telnet enablement and root login via auth bypass in Toto Link X5000R AX1800 router",
    "ai_severity": "Critical",
    "ai_vendor": "Toto Link",
    "ai_product": "X5000R AX1800 router",
    "ai_version": "V9.1.0u.6369_B20230113",
    "ai_score": 9.8
}

Unauthenticated Telnet enablement via cstecgi.cgi (auth bypass) leading to unauthenticated root login with a blank password_CVE-2025-13184