CVE-2025-52376
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-07-15

Last updated on: 2025-07-15

Assigner: MITRE

Description
An authentication bypass vulnerability in the /web/um_open_telnet.cgi endpoint in Nexxt Solutions NCM-X1800 Mesh Router firmware UV1.2.7 and below, allowing an attacker to remotely enable the Telnet service without authentication, bypassing security controls. The Telnet server is then accessible with hard-coded credentials, allowing attackers to gain administrative shell access and execute arbitrary commands on the device.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-07-15
Last Modified
2025-07-15
Generated
2026-05-07
AI Q&A
2025-07-15
EPSS Evaluated
2026-05-05
NVD
CVE-2025-52376
EUVD
EUVD-2025-21439
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
nexxt_solutions ncm-x1800 *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-287 When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
CWE-798 The product contains hard-coded credentials, such as a password or cryptographic key.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is an authentication bypass in the Nexxt Solutions NCM-X1800 Mesh Router firmware (UV1.2.7 and below). It allows an attacker to remotely enable the Telnet service via the /web/um_open_telnet.cgi endpoint without any authentication. Once enabled, the Telnet service can be accessed using hard-coded credentials, granting the attacker administrative shell access and the ability to execute arbitrary commands on the device. [1]


How can this vulnerability impact me? :

The vulnerability can lead to a complete compromise of the affected router. Attackers can gain root-level shell access, execute arbitrary commands, escalate privileges, and maintain persistent control over the device. This can result in unauthorized access to the network, interception or manipulation of data, and disruption of network services. [1]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

You can detect this vulnerability by checking if the Telnet service is enabled on the Nexxt Solutions NCM-X1800 Mesh Router and if the vulnerable endpoint `/web/um_open_telnet.cgi` is accessible remotely. One way is to attempt accessing the URL `http://<router-ip>/web/um_open_telnet.cgi` to see if it enables Telnet without authentication. Additionally, scanning the router for an open Telnet port (usually port 23) can indicate if the Telnet service is active. For example, you can use the command `nmap -p 23 <router-ip>` to check if Telnet is open. If Telnet is enabled, try logging in with the hard-coded credentials `telnetadmin:telnetadmin` to confirm vulnerability presence. [1]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include disabling the Telnet service on the Nexxt Solutions NCM-X1800 Mesh Router if it is enabled, especially if it was enabled via the vulnerable endpoint. Change the default credentials if possible, and restrict remote access to the router's management interface to trusted networks only. Additionally, update the router firmware to a version above UV1.2.7 once a patch is available. If no patch is available, consider isolating the device from untrusted networks to prevent exploitation. [1]


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart