Cyber Posture

CVE-2025-68707

High · Public PoC

Published: 13 January 2026

Modified: 13 February 2026
KEV Added
Patch
CVSS Score: 8.8 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0022 (43.8th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Description

An authentication bypass vulnerability in the Tongyu AX1800 Wi-Fi 6 Router with firmware 1.0.0 allows unauthenticated network-adjacent attackers to perform arbitrary configuration changes without providing credentials, as long as a valid admin session is active. This can result in full compromise of the device (i.e., via unauthenticated access to /boaform/formSaveConfig and /boaform/admin endpoints).

Mitigating Controls (NIST 800-53 r5) · AI

prevent

Explicitly identifies and prohibits sensitive configuration changes without identification or authentication, directly countering the authentication bypass vulnerability.

prevent

Enforces approved authorizations for access to configuration endpoints like /boaform/formSaveConfig, preventing unauthenticated arbitrary changes.

prevent

Restricts access to configuration change capabilities to authorized users only, mitigating exploitation for full device compromise.

Security Summary · AI

CVE-2025-68707 is an authentication bypass vulnerability in the Tongyu AX1800 Wi-Fi 6 Router with firmware version 1.0.0. It enables unauthenticated network-adjacent attackers to perform arbitrary configuration changes without providing credentials, as long as a valid admin session is active. Exploitation occurs through unauthenticated access to endpoints such as /boaform/formSaveConfig and /boaform/admin, potentially resulting in full compromise of the device. The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and is classified under CWE-288.

Attackers adjacent to the network, requiring no privileges or user interaction, can exploit this issue with low complexity. By leveraging an active admin session, they gain the ability to alter configurations arbitrarily, achieving high impacts on confidentiality, integrity, and availability, up to complete device takeover.

Mitigation guidance and further details are available in advisories at https://github.com/actuator/cve/blob/main/Tongyu/CVE-2025-68707.txt and https://github.com/actuator/cve/tree/main/Tongyu, along with the product page at https://www.tongyucom.com/product/ax1800.html.

Details

CWE(s)

Affected Products

tycc
tongyu ax1800 firmware
1.0.0

MITRE ATT&CK Enterprise Techniques · AI

T1210 Exploitation of Remote Services (Lateral Movement)
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.

T1068 Exploitation for Privilege Escalation (Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Why these techniques?

Vulnerability enables unauthenticated exploitation of the router's remote web management service (/boaform endpoints) for arbitrary configuration changes and full device compromise, directly mapping to T1210 (Exploitation of Remote Services) and T1068 (Exploitation for Privilege Escalation).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References