VDB
CVE-2025-13184
CVE-2025-13184
PUBLISHED
CVSS 9.800000190734863 CRITICAL
Unauthenticated Telnet enablement via cstecgi.cgi (auth bypass) leading to unauthenticated root login with a blank password on factory/reset X5000R V9.1.0u.6369_B20230113 (arbitrary command execution). Earlier versions that share the same implementation, may also be affected.
EPSS 0.63% · 70.7th percentile
Risk Scores
CVSS 3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.63%
70.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Toto Link | X5000R's (AX1800 router) | 0 |
| totolink | x5000r_firmware | * |
Timeline
- Dec 10, 2025 PoC Published
- Dec 10, 2025 CVE Published
- Dec 10, 2025 PoC Published
- Dec 10, 2025 PoC Published
- Dec 10, 2025 CVE Updated
- Dec 11, 2025 EPSS Score
- Dec 15, 2025 EPSS Score
- Dec 16, 2025 PoC Published
- Dec 19, 2025 EPSS Score
- Dec 23, 2025 EPSS Score
- Dec 28, 2025 EPSS Score
- Jan 1, 2026 EPSS Score