CVE Catalog

CVE-2025-51452

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.36%

28th percentile - higher than 28% of all known CVEs

Summary

In TOTOLINK A7000R firmware version 9.1.0u.6115_B20201022, a vulnerability allows login bypass. An attacker can send a crafted request to formLoginAuth.htm to gain unauthorized access.

Risk Assessment

The risk involves potential takeover of the router without valid credentials, leading to network and data security breaches.

Recommendation

Immediately update the firmware to the latest version and restrict administrative panel access to trusted IP addresses only.

Original NVD description (English source)

In TOTOLINK A7000R firmware 9.1.0u.6115_B20201022, an attacker can bypass login by sending a specific request through formLoginAuth.htm.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS