CVE-2025-51452
BaseFortify
Publication date: 2025-08-13
Last updated on: 2025-08-14
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| totolink | a7000r_firmware | 9.1.0u.6115_b20201022 |
| totolink | a7000r | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-288 | The product requires authentication, but the product has an alternate path or channel that does not require authentication. |
| CWE-NVD-CWE-noinfo |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-51452 is a vulnerability in the TOTOLINK A7000R router firmware version 9.1.0u.6115_B20201022 that allows an attacker to bypass the login authentication. By sending a specially crafted request to the formLoginAuth.htm endpoint, an attacker can gain unauthorized access to the device without needing valid credentials, effectively bypassing the normal login process. [1]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing unauthorized users to access your TOTOLINK A7000R router without authentication. This unauthorized access could lead to control over the device, potential changes to network settings, interception of network traffic, or other malicious activities compromising your network security. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unauthorized or suspicious HTTP requests sent to the formLoginAuth.htm endpoint on the TOTOLINK A7000R router firmware version 9.1.0u.6115_B20201022. Specifically, detection involves identifying crafted requests attempting to bypass login authentication. Network administrators can use tools like curl or wget to simulate such requests for testing purposes. For example, a command like `curl -X POST http://<router-ip>/formLoginAuth.htm -d '<crafted_payload>'` can be used to test if the device is vulnerable. Additionally, inspecting web server logs for unusual POST requests to formLoginAuth.htm may help detect exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the router's management interface to trusted networks only, such as limiting access via firewall rules or disabling remote management. If possible, upgrade the router firmware to a version newer than 9.1.0u.6115_B20201022 where this vulnerability is fixed. If no patch is available, consider performing a factory reset and reconfiguring the device securely, and monitor for unauthorized access attempts. Additionally, changing default credentials and disabling unnecessary services can reduce risk. [1, 2]