CVE-2025-45845 – This vulnerability allows authenticated attacke... (How to Fix)

Q: What is the severity of CVE-2025-45845?

CVE-2025-45845 has a CVSS score of 8.8 (HIGH). This vulnerability allows authenticated attackers to execute arbitrary code on TOTOLINK NR1800X routers via a stack overflow in the setWiFiEasyGuestCfg function. Attackers with valid credentials can exploit this to gain full control of affected devices. Only TOTOLINK NR1800X routers running specific vulnerable firmware versions are affected.

📋 TL;DR

This vulnerability allows authenticated attackers to execute arbitrary code on TOTOLINK NR1800X routers via a stack overflow in the setWiFiEasyGuestCfg function. Attackers with valid credentials can exploit this to gain full control of affected devices. Only TOTOLINK NR1800X routers running specific vulnerable firmware versions are affected.

💻 Affected Systems

Products:

TOTOLINK NR1800X

Versions: V9.1.0u.6681_B20230703

Operating Systems: Embedded Linux

Default Config Vulnerable: ⚠️ Yes

Notes: Requires authenticated access to the web interface. The vulnerability is in the 5GHz WiFi guest configuration function.

📦 What is this software?

Nr1800x Firmware by Totolink

View all CVEs affecting Nr1800x Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise leading to persistent backdoor installation, network traffic interception, lateral movement to other devices, and botnet recruitment.

🟠

Likely Case

Local network compromise allowing attacker to reconfigure router settings, intercept traffic, and potentially pivot to other devices on the network.

🟢

If Mitigated

Limited impact if strong authentication is enforced and network segmentation isolates the router from critical systems.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploit code is publicly available in GitHub repositories. Requires valid credentials but exploitation is straightforward once authenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.totolink.net

Restart Required: Yes

Instructions:

1. Check TOTOLINK website for firmware updates. 2. Download latest firmware for NR1800X. 3. Log into router web interface. 4. Navigate to System Tools > Firmware Upgrade. 5. Upload new firmware file. 6. Wait for automatic reboot.

🔧 Temporary Workarounds

Disable Guest WiFi

all

Disable the 5GHz guest WiFi network to prevent access to vulnerable function

Change Admin Credentials

all

Use strong, unique passwords for router administration

🧯 If You Can't Patch

Isolate router on separate VLAN away from critical systems
Implement network monitoring for unusual traffic patterns from router

🔍 How to Verify

Check if Vulnerable:

Check firmware version in router web interface under System Tools > Firmware Upgrade

Check Version:

Login to router web interface and navigate to System Status or Firmware Upgrade page

Verify Fix Applied:

Verify firmware version has been updated to a version newer than V9.1.0u.6681_B20230703

📡 Detection & Monitoring

Log Indicators:

Multiple failed authentication attempts followed by successful login
Unusual configuration changes to WiFi settings
Large payloads sent to setWiFiEasyGuestCfg endpoint

Network Indicators:

Unusual outbound connections from router
Traffic patterns suggesting command and control communication
Port scanning originating from router

SIEM Query:

source="router_logs" AND (event="authentication_success" AND user="admin") AND (event="configuration_change" AND setting="wifi_guest")

📊 Metadata

CVE ID: CVE-2025-45845

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-787

EPSS Score: 0.12% exploit probability (31.3th percentile)

Published: May 8, 2025

Last Updated: May 16, 2025

🔗 References

https://github.com/regainer27/CVE-key/tree/main/bo5 Exploit
https://www.totolink.net Product
https://www.totolink.net/home/menu/detail/menu_listtpl/download/id/225/ids/36.html Product
https://github.com/regainer27/CVE-key/tree/main/bo5 Exploit

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-45845, you might also want to check these: