CVE-2025-44018
📋 TL;DR
This CVE describes a firmware downgrade vulnerability in GL-Inet GL-AXT1800 routers where attackers can perform man-in-the-middle attacks to deliver malicious .tar files that force the device to install older, potentially vulnerable firmware versions. This affects users of GL-AXT1800 routers with firmware version 4.7.0 who perform OTA updates over untrusted networks.
💻 Affected Systems
- GL-Inet GL-AXT1800
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could downgrade firmware to versions with known critical vulnerabilities, then chain exploits to gain full device control, intercept network traffic, or pivot to internal networks.
Likely Case
Attackers on the same network could downgrade firmware to versions with known exploits, potentially gaining administrative access to the router.
If Mitigated
With proper network segmentation and HTTPS verification, the attack surface is limited to attackers with privileged network access.
🎯 Exploit Status
Requires man-in-the-middle position and ability to intercept/modify OTA update traffic; no authentication needed to trigger the downgrade.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check vendor for latest firmware > 4.7.0
Vendor Advisory: https://www.gl-inet.com/security/
Restart Required: Yes
Instructions:
1. Log into router admin interface.
2. Navigate to System > Firmware Upgrade.
3. Download latest firmware from official GL-Inet website.
4. Upload and install the firmware.
5. Router will reboot automatically.
🔧 Temporary Workarounds
Disable automatic OTA updates
Platform: all. Prevent automatic firmware updates that could be intercepted.
Log into admin interface > System > Firmware Upgrade > Disable 'Auto Update'
Use wired connections for updates
Platform: all. Perform firmware updates only over wired Ethernet connections to reduce MITM risk.
🧯 If You Can't Patch
- Segment router management traffic to dedicated VLAN separate from user traffic
- Implement network monitoring for unexpected firmware version changes or downgrade attempts
🔍 How to Verify
Check if Vulnerable:
Check firmware version in router admin interface: System > Status > Firmware Version
Check Version:
ssh admin@router-ip 'cat /etc/glversion'
Alternatively, check the version in the web interface.
Verify Fix Applied:
Verify that the firmware version is updated beyond 4.7.0 and that a manual update from a trusted source succeeds.
📡 Detection & Monitoring
Log Indicators:
- Unexpected firmware downgrade events
- OTA update failures or anomalies
- Firmware version changes without administrator action
Network Indicators:
- Unencrypted firmware download traffic
- Unexpected .tar file transfers to router management interface
- MITM patterns in update traffic
SIEM Query:
source="router_logs" AND ("firmware downgrade" OR "version rollback" OR "OTA failure")
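Added example (not vendor code and not part of the original entry): a small monitor for the "firmware version changes without administrator action" indicator above. It keeps a high-water mark of the highest firmware version seen and flags any reading below it. The state file path and function names are hypothetical, and it assumes /etc/glversion holds a dotted-numeric version such as 4.7.0.

```shell
#!/bin/sh
# Added example: firmware downgrade monitor. STATE_FILE and the function
# names are hypothetical; the version format (dotted numeric) is an assumption.
# Intended use from a monitoring host, e.g. via cron:
#   check_version "$(ssh admin@router-ip 'cat /etc/glversion')"

STATE_FILE="${STATE_FILE:-/tmp/glversion.highwater}"

# ver_cmp A B: print -1, 0 or 1 for A<B, A==B, A>B, comparing each
# dot-separated field numerically (so 4.10.1 is newer than 4.7.0).
ver_cmp() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x:-0}; y=${y:-0}          # missing fields count as 0
        if [ "$x" -lt "$y" ]; then echo -1; return; fi
        if [ "$x" -gt "$y" ]; then echo 1; return; fi
    done
    echo 0
}

# check_version CURRENT: compare CURRENT with the stored high-water mark.
# Exit status: 0 = ok, 1 = downgrade detected, 2 = unparseable input.
check_version() {
    cur=$1
    # Reject anything that is not digits and dots before comparing it.
    case $cur in ''|*[!0-9.]*) echo invalid; return 2 ;; esac
    if [ ! -s "$STATE_FILE" ]; then
        printf '%s\n' "$cur" > "$STATE_FILE"
        echo baseline
        return 0
    fi
    prev=$(cat "$STATE_FILE")
    case $(ver_cmp "$cur" "$prev") in
        -1) # Keep the old high-water mark so the alert repeats until fixed.
            echo "downgrade $prev $cur"; return 1 ;;
        1)  printf '%s\n' "$cur" > "$STATE_FILE"
            echo "upgrade $prev $cur" ;;
        *)  echo unchanged ;;
    esac
}
```

A non-zero exit status can be wired to whatever alerting the monitoring host already uses; an "upgrade" result that no administrator initiated is also worth reviewing.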