CVE-2025-13184

|
CVE-2025-13184 vulnerability security critical severity CVE database totolink x5000r authentication bypass remote code execution

Summary

CVE-2025-13184 is a critical severity vulnerability affecting TOTOLINK X5000R routers. It allows unauthenticated attackers to enable Telnet access and gain root privileges due to an authentication bypass in the cstecgi.cgi script, ultimately leading to unauthenticated remote command execution.

Technical Details

The vulnerability lies in the cstecgi.cgi script of the TOTOLINK X5000R router firmware. This script fails to properly authenticate requests, allowing an attacker to send a specially crafted request to enable the Telnet service. Once Telnet is enabled, the router allows root login with a blank password. This combination of factors allows an attacker to gain complete control over the device without any authentication. The root cause is the insufficient validation of user input and the lack of proper authentication mechanisms within the cstecgi.cgi script. This allows an attacker to bypass the intended security measures and directly manipulate system settings.

The attack vector involves sending a malicious HTTP request to the cstecgi.cgi endpoint. This request contains parameters that trigger the Telnet service to be enabled. Once enabled, an attacker can connect to the router via Telnet and log in as root without providing a password. From there, the attacker can execute arbitrary commands on the system, potentially leading to data theft, malware installation, or complete device compromise.

Affected Products and Versions

The following TOTOLINK product and firmware version are confirmed to be affected by CVE-2025-13184. Earlier versions sharing the same implementation may also be vulnerable.

  • TOTOLINK X5000R Firmware V9.1.0u.6369_B20230113

Impact Assessment

Successful exploitation of CVE-2025-13184 can have severe consequences for users of affected TOTOLINK X5000R routers. An attacker can gain complete control over the device, leading to the following potential impacts:

  • Data Breach Risk: An attacker can access sensitive data stored on the router or transmitted through it, including login credentials, network configurations, and personal information.
  • System Compromise: The attacker can install malware, modify system settings, and use the compromised router as a bot in a botnet.
  • Denial of Service: The attacker can disrupt the router's functionality, causing network outages and preventing legitimate users from accessing the internet.
  • Lateral Movement: If the router is part of a larger network, the attacker can use it as a stepping stone to compromise other devices on the network.

The critical severity of this vulnerability stems from the ease of exploitation and the potential for complete system compromise without any authentication.

Remediation

Currently, there is no official patch available from TOTOLINK to address CVE-2025-13184. Users are advised to take the following steps to mitigate the risk:

Immediate Actions

  • Disable Telnet: If Telnet is enabled on your router, disable it immediately through the router's web interface. This will prevent attackers from exploiting the vulnerability even if they manage to enable Telnet.
  • Change Default Credentials: Ensure that the router's web interface login credentials (username and password) are changed from the default values. Use a strong, unique password.
  • Monitor Network Traffic: Monitor your network traffic for suspicious activity, such as unauthorized access attempts or unusual data transfers.

Long-term Solutions

  • Contact TOTOLINK Support: Contact TOTOLINK support and request a security patch for CVE-2025-13184. Emphasize the critical severity of the vulnerability and the potential impact on users.
  • Consider Alternative Routers: If TOTOLINK does not provide a timely security patch, consider replacing the affected router with a more secure alternative from a different vendor.
  • Implement Network Segmentation: Segment your network to limit the impact of a potential compromise. This can help prevent an attacker from gaining access to other devices on your network if the router is compromised.

We will update this advisory as soon as a patch becomes available.

References

The following resources provide additional information about CVE-2025-13184:

Detection & Scanning

Detecting CVE-2025-13184 requires careful analysis of network traffic and router configurations. You can check if Telnet is enabled on your router through the web interface. Additionally, monitoring network traffic for suspicious connections to port 23 (Telnet) from unauthorized sources can help identify potential exploitation attempts.

Scan Your Website

Secably AI Scanner can detect this and 50+ other vulnerabilities automatically.

Start Free Scan

Scan Your Website for Vulnerabilities

Discover security issues before attackers do. Our AI-powered scanner checks for the vulnerabilities discussed in this guide and more.

Start Free Scan