ID
VAR-202512-0097
CVE
CVE-2025-13184
TITLE
TOTOLINK's X5000R's (AX1800 router) lacks authentication for telnet
Trust: 0.8
sources:
CERT/CC: VU#821724
DESCRIPTION
Unauthenticated Telnet enablement via cstecgi.cgi (auth bypass) leading to unauthenticated root login with a blank password on factory/reset X5000R V9.1.0u.6369_B20230113 (arbitrary command execution). Earlier versions that share the same implementation, may also be affected. An unauthenticated HTTP request can enable telnet which may lead to remote code execution with root-level privileges.CVE-2025-13184 UnknownCVE-2025-13184 Unknown
Trust: 1.62
sources:
NVD: CVE-2025-13184 //
CERT/CC: VU#821724
AFFECTED PRODUCTS
| vendor: | totolink | model: | x5000r | scope: | eq | version: | 9.1.0u.6369_b20230113 | Trust: 1.0 |
sources:
NVD: CVE-2025-13184
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||
|
|
sources:
NVD: CVE-2025-13184
PROBLEMTYPE DATA
| problemtype: | CWE-863 | Trust: 1.0 |
sources:
NVD: CVE-2025-13184
EXTERNAL IDS
| db: | NVD | id: | CVE-2025-13184 | Trust: 1.8 |
| db: | CERT/CC | id: | VU#821724 | Trust: 1.8 |
sources:
CERT/CC: VU#821724 //
NVD: CVE-2025-13184
REFERENCES
| url: | https://hackingbydoing.wixsite.com/hackingbydoing/post/totolink-x5000r-ax1800-router-authentication-bypass | Trust: 1.0 |
| url: | https://www.kb.cert.org/vuls/id/821724 | Trust: 1.0 |
sources:
NVD: CVE-2025-13184
CREDITS
We have not received a statement from the vendor.Sponsored by CISA.
Trust: 0.8
sources:
CERT/CC: VU#821724
SOURCES
| db: | CERT/CC | id: | VU#821724 |
| db: | NVD | id: | CVE-2025-13184 |
LAST UPDATE DATE
2025-12-20T23:32:35.891000+00:00
SOURCES UPDATE DATE
| db: | CERT/CC | id: | VU#821724 | date: | 2025-12-09T00:00:00 |
| db: | NVD | id: | CVE-2025-13184 | date: | 2025-12-19T19:27:20.293 |
SOURCES RELEASE DATE
| db: | CERT/CC | id: | VU#821724 | date: | 2025-12-09T00:00:00 |
| db: | NVD | id: | CVE-2025-13184 | date: | 2025-12-10T13:16:02.970 |