{"document":{"acknowledgments":[{"urls":["https://kb.cert.org/vuls/id/821724#acknowledgements"]}],"category":"CERT/CC Vulnerability Note","csaf_version":"2.0","notes":[{"category":"summary","text":"### Overview\r\nAn unauthenticated HTTP request can enable telnet which may lead to remote code execution with root-level privileges.\r\n### Description\r\nTOTOLINK manufactures routers and other networking equipment designed for small businesses and home implementations. The AX1800 routers are popular with users connecting multiple internet-capable devices. \r\n\r\nThe TOTOLINK AX1800 routers are missing authentication in /cgi-bin/cstecgi.cgi?action=telnet endpoint may result in arbitrary command execution at the administrative level. This vulnerability is being tracked by CVE-2025-13184.\r\n### Impact\r\nThe impact options include full access to configuration and filesystems. This level of access would provide an attacker the capability to modify routing DNS routing, intercept traffic, and achieve lateral movement across the local area network.  There is a potential for wide area (WAN) network access if router management or telnet becomes externally reachable.\r\n### Solution\r\nThe CERT/CC is currently unaware of a practical solution to this problem. For complete remediation, a firmware update is necessary.\r\n#### Mitigation Suggestions\r\n1. Ensure the web management interface is not exposed to the WAN or any untrusted network. Restrict access to the administrative interface to trusted management hosts only.\r\n\r\n2. Treat the X5000R router as untrusted from a security boundary point of view. Where possible, place it behind a separate firewall or router and avoid using it as the primary edge device.\r\n\r\n3. Block or monitor unexpected traffic to telnet (TCP port 23) on the device. The sudden appearance of an open telnet service on the router is a strong indicator of exploitation.\r\n### Acknowledgements\r\nThanks to the reporter, HackingByDoing. This document was written by Laurie Tyzenhaus.","title":"Summary"},{"category":"legal_disclaimer","text":"THIS DOCUMENT IS PROVIDED ON AN 'AS IS' BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. ","title":"Legal Disclaimer"},{"category":"other","text":"CERT/CC Vulnerability Note is a limited advisory. It primarily identifies vendors impacted by the advisory and not specific products. We only support \"known_affected\" and \"known_not_affected\" status. Please consult the vendor's statements and advisory URL if provided by the vendor for more details ","title":"Limitations of Advisory"}],"publisher":{"category":"coordinator","contact_details":"Email: cert@cert.org, Phone: +1412 268 5800","issuing_authority":"CERT/CC under DHS/CISA https://www.cisa.gov/cybersecurity also see https://kb.cert.org/ ","name":"CERT/CC","namespace":"https://kb.cert.org/"},"references":[{"url":"https://certcc.github.io/certcc_disclosure_policy","summary":"CERT/CC vulnerability disclosure policy"},{"summary":"CERT/CC document released","category":"self","url":"https://kb.cert.org/vuls/id/821724"}],"title":"TOTOLINK's X5000R's (AX1800 router) lacks authentication for telnet","tracking":{"current_release_date":"2025-12-09T19:27:16+00:00","generator":{"engine":{"name":"VINCE","version":"3.0.35"}},"id":"VU#821724","initial_release_date":"2025-12-09 00:00:00+00:00","revision_history":[{"date":"2025-12-09T19:27:16+00:00","number":"1.20251209192716.1","summary":"Released on 2025-12-09T19:27:16+00:00"}],"status":"final","version":"1.20251209192716.1"}},"vulnerabilities":[{"title":"Unauthenticated Telnet enablement via cstecgi.","notes":[{"category":"summary","text":"Unauthenticated Telnet enablement via cstecgi.cgi (auth bypass) leading to unauthenticated root login with a blank password on factory/reset X5000R V9.1.0u.6369_B20230113 (arbitrary command execution). Earlier versions that share the same implementation, may also be affected."}],"cve":"CVE-2025-13184","ids":[{"system_name":"CERT/CC V Identifier ","text":"VU#821724"}]}],"product_tree":{"branches":[]}}