CVE-2025-68707

Severity: High · CVSS 3.1: 8.8 · EPSS: 32.6%
Published Jan 13, 2026 · Modified Jun 17, 2026

Description

An authentication bypass vulnerability in the Tongyu AX1800 Wi-Fi 6 Router with firmware 1.0.0 allows unauthenticated network-adjacent attackers to perform arbitrary configuration changes without providing credentials, as long as a valid admin session is active. This can result in full compromise of the device (i.e., via unauthenticated access to /boaform/formSaveConfig and /boaform/admin endpoints).

CVSS Details

Base Score: 8.8
Exploitability: 2.8
Impact: 5.9
Vector string: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Adjacent
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Threat Intelligence

EPSS Exploit Probability: 32.6% percentile
Exploit & Patch Status: Public Exploit Known, No Patch Available

Weaknesses 1

CWE-288

Affected Products 2

Vendor  Product                 Version  Range
tycc    tongyu_ax1800_firmware  1.0.0    any
tycc    tongyu_ax1800           *        any

References 3

  • github.com https://github.com/actuator/cve/blob/main/Tongyu/CVE-2025-68707.txt
    Third Party Advisory
  • github.com https://github.com/actuator/cve/tree/main/Tongyu
    Exploit, Third Party Advisory
  • tongyucom.com https://www.tongyucom.com/product/ax1800.html
    Broken Link

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.