CRITICAL🇵🇱 Wersja polska

CVE-2025-13184

CVSS 9.8v3.1pub. 2025-12-10upd. 2025-12-19

Unauthenticated Telnet enablement via cstecgi.cgi (auth bypass) leading to unauthenticated root login with a blank password on factory/reset X5000R V9.1.0u.6369_B20230113 (arbitrary command execution). Earlier versions that share the same implementation, may also be affected.

🤖 AI Analysis
How it works

The attacker sends a specially crafted request to the cstecgi.cgi script, bypassing the authentication mechanism (auth bypass, CWE-863 — improper authorization verification). As a result, the Telnet service is activated on the device. After Telnet is enabled, the attacker can log in to the root account with an empty password, which is the default behavior of the device after factory reset or reboot. The entire attack can be performed remotely, without prior authentication and without user interaction.

Impact

The attacker gains full, unauthorized access to the system shell with root privileges, enabling arbitrary command execution, complete device takeover, network configuration modification, and potential use of the router as an entry point to the local network.

Mitigation & patch

Apply patches available from the manufacturer according to the references. Until updates are applied, it is recommended to block access to the device management interface (cstecgi.cgi) from untrusted networks and to disable or restrict Telnet service access at the firewall level. The device should not be directly exposed to the internet.

Who is affected

Totolink X5000R Firmware version V9.1.0u.6369_B20230113. Earlier versions using the same implementation may also be vulnerable.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Totolink X5000r

    HW
    Totolink
    wszystkie wersje
  • Totolink X5000r Firmware

    OS
    Totolink
    9.1.0u.6369_b20230113
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-70327CRITICAL9.8PL ✓ten sam produkt

TOTOLINK X5000R — argument injection w setDiagnosisCfg prowadzący do DoS

CVE-2024-32353CRITICAL9.8PL ✓ten sam produkt

Command injection w TOTOLINK X5000R — podatność RCE przez parametr 'port'

CVE-2024-28639CRITICAL9.8PL ✓ten sam produkt

Buffer Overflow w TOTOLINK X5000R i A7000R — RCE przez pole IP

CVE-2023-36950CRITICAL9.8ten sam produkt

TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a ...

CVE-2023-36947CRITICAL9.8ten sam produkt

TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a ...