CVE-2025-45843 – This vulnerability allows authenticated attacke... (How to Fix)

Q: What is the severity of CVE-2025-45843?

CVE-2025-45843 has a CVSS score of 8.8 (HIGH). This vulnerability allows authenticated attackers to execute arbitrary code on TOTOLINK NR1800X routers via a stack overflow in the WiFi guest configuration function. Attackers with valid credentials can exploit this to gain full control of affected devices. Only TOTOLINK NR1800X routers running specific vulnerable firmware versions are affected.

📋 TL;DR

This vulnerability allows authenticated attackers to execute arbitrary code on TOTOLINK NR1800X routers via a stack overflow in the WiFi guest configuration function. Attackers with valid credentials can exploit this to gain full control of affected devices. Only TOTOLINK NR1800X routers running specific vulnerable firmware versions are affected.

💻 Affected Systems

Products:

TOTOLINK NR1800X

Versions: V9.1.0u.6681_B20230703

Operating Systems: Embedded Linux (router firmware)

Default Config Vulnerable: ⚠️ Yes

Notes: Requires authenticated access to administrative interface. Default credentials may increase risk if not changed.

📦 What is this software?

Nr1800x Firmware by Totolink

View all CVEs affecting Nr1800x Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise leading to persistent backdoor installation, network traffic interception, lateral movement to other devices, and botnet recruitment.

🟠

Likely Case

Local network compromise allowing attacker to reconfigure router settings, intercept traffic, and use device as pivot point for further attacks.

🟢

If Mitigated

Limited impact if strong authentication controls, network segmentation, and proper access controls prevent unauthorized access to administrative interfaces.

🌐 Internet-Facing: HIGH

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploit requires authentication but is straightforward once credentials are obtained. Public proof-of-concept code exists in GitHub repositories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.totolink.net/

Restart Required: Yes

Instructions:

1. Check TOTOLINK website for firmware updates. 2. Download latest firmware for NR1800X. 3. Access router admin interface. 4. Navigate to firmware upgrade section. 5. Upload new firmware file. 6. Wait for reboot and verify version.

🔧 Temporary Workarounds

Disable WiFi Guest Network

all

Remove attack surface by disabling the vulnerable guest WiFi configuration feature

Restrict Administrative Access

all

Limit administrative interface access to specific IP addresses or VLANs

🧯 If You Can't Patch

Segment affected routers in isolated network zones with strict firewall rules
Implement strong authentication (complex passwords, 2FA if supported) and monitor for brute force attempts

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface under System Status or Firmware Upgrade section

Check Version:

Login to router admin interface and navigate to System Status page

Verify Fix Applied:

Verify firmware version has been updated to a version newer than V9.1.0u.6681_B20230703

📡 Detection & Monitoring

Log Indicators:

Multiple failed authentication attempts followed by successful login
Unusual configuration changes to WiFi settings
Firmware modification attempts

Network Indicators:

Unusual outbound connections from router
Traffic patterns suggesting command and control communication
Port scanning originating from router

SIEM Query:

source="router_logs" AND (event="authentication_success" OR event="configuration_change") AND user!="admin"

📊 Metadata

CVE ID: CVE-2025-45843

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-787

EPSS Score: 0.12% exploit probability (31.3th percentile)

Published: May 8, 2025

Last Updated: May 16, 2025

🔗 References

https://github.com/regainer27/CVE-key/tree/main/bo2 Exploit
https://www.totolink.net/ Product
https://www.totolink.net/home/menu/detail/menu_listtpl/download/id/225/ids/36.html Product
https://github.com/regainer27/CVE-key/tree/main/bo2 Exploit

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-45843, you might also want to check these: