Authentication Bypass Vulnerability in Totolink X5000R Router
CVE-2025-13184

9.8CRITICAL

Key Information:

Vendor: Toto Link
Status: X5000r's (ax1800 Router)
Vendor: CVE Published:; 10 December 2025

What is CVE-2025-13184?

The vulnerability allows unauthorized users to enable Telnet access on the Totolink X5000R router via cstecgi.cgi, resulting in an opportunity for attackers to gain unauthenticated root login with a blank password. This security lapse can allow an individual to execute arbitrary commands on the device, posing significant risks for anyone using affected versions of the router. Users are urged to update their devices to mitigate potential exploitations.

Affected Version(s)

X5000R's (AX1800 router) 0

References

https://hackingbydoing.wixsite.com/hackingbydoing/post/to...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 10, 2025
Vulnerability Reserved
Nov 14, 2025

JSON

Toto Link

What is CVE-2025-13184?

Affected Version(s)

References

CVSS V3.1

Timeline