Authentication Bypass in TOTOLINK A7000R Firmware
CVE-2025-51452

9.8CRITICAL

Key Information:

Vendor: TOTOLINK
Status: A7000R Firmware
Vendor: CVE Published:; 13 August 2025

What is CVE-2025-51452?

The vulnerability in TOTOLINK A7000R firmware version 9.1.0u.6115_B20201022 allows attackers to exploit a loophole in the authentication process. By sending a specially crafted request through the formLoginAuth.htm page, unauthorized individuals can gain access without valid login credentials. This flaw poses significant security threats, making it crucial for users to apply patches and secure their devices against potential unauthorized access.

References

https://www.totolink.net/home/menu/detail/menu_listtpl/do...

http://a7000rfirmware.com

https://gist.github.com/lin-3-start/5b20f6fbe3aa0c3fc75f3...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 13, 2025
Vulnerability Reserved
Jun 16, 2025