CVE-2025-68707

8.8 HIGH

📋 TL;DR

An authentication bypass vulnerability in Tongyu AX1800 Wi-Fi 6 Router firmware allows attackers on the same network to perform administrative actions without credentials when an admin session is active. This enables complete device takeover including configuration changes and potential network compromise. Only users of this specific router model with vulnerable firmware are affected.

💻 Affected Systems

Products:
  • Tongyu AX1800 Wi-Fi 6 Router
Versions: Firmware 1.0.0
Operating Systems: Embedded router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability requires network-adjacent access and an active admin session. All devices running the vulnerable firmware are affected by default.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete router compromise, allowing an attacker to change DNS settings, redirect traffic, install malicious firmware, and gain persistent access to the entire network.

🟠 Likely Case

Attackers on the same network (guests, neighbors) gain administrative control of the router, enabling traffic interception, network reconnaissance, and device reconfiguration.

🟢 If Mitigated

With proper network segmentation and no active admin sessions, impact is limited to potential denial of service if the endpoints are accessible.

🌐 Internet-Facing: LOW - The vulnerability requires network-adjacent access and cannot be exploited directly from the internet.
🏢 Internal Only: HIGH - Any device on the same network can exploit this vulnerability when an admin session is active, leading to full router compromise.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The exploit requires only simple HTTP requests to specific endpoints. A public GitHub repository contains technical details and proof-of-concept information.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch is available. Contact Tongyu support for firmware updates and check the vendor website regularly for security updates.

🔧 Temporary Workarounds

  • Disable remote admin access (scope: all): Ensure the router admin interface is only accessible from wired connections, or disable remote administration features.
  • Limit admin session duration (scope: all): Log out of the admin interface immediately after configuration changes and set short session timeouts.

🧯 If You Can't Patch

  • Replace affected router with different model or vendor
  • Segment network to isolate router management interface from untrusted devices

🔍 How to Verify

Check if Vulnerable:

Check the router firmware version via the admin interface. If the version is 1.0.0, the device is vulnerable. Test by attempting unauthenticated POST requests to the /boaform/formSaveConfig endpoint.

Check Version:

Log in to the router admin interface and navigate to the System Status or Firmware Information page.

Verify Fix Applied:

Verify that the firmware version has been updated beyond 1.0.0. Test that unauthenticated requests to the vulnerable endpoints return authentication errors.

📡 Detection & Monitoring

Log Indicators:

  • Unauthenticated POST requests to /boaform/formSaveConfig or /boaform/admin endpoints
  • Configuration changes from non-admin IP addresses
  • Multiple failed authentication attempts followed by successful admin actions

Network Indicators:

  • HTTP POST requests to router IP on port 80/443 targeting formSaveConfig or admin endpoints without authentication headers
  • Unusual configuration changes from unexpected source IPs

SIEM Query:

source_ip!=admin_ip AND (url_path="/boaform/formSaveConfig" OR url_path="/boaform/admin") AND http_method="POST"
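The log and network indicators above, turned into a small Python detector run over constructed access records (an added example, not part of this advisory or any vendor tooling). The record format, the sample lines and the admin IP 192.168.1.10 are assumptions; real routers rarely log this, so such records would come from a span port or an inline proxy.

```python
"""Hunt for the CVE-2025-68707 log indicators in router HTTP access records."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Endpoints named in the advisory's detection section.
SUSPECT_PATHS = {"/boaform/formSaveConfig", "/boaform/admin"}

# Constructed records (hypothetical format):
#   <timestamp> <src_ip> <method> <path> <http_status> auth=<yes|no>
# auth=no means no session cookie / Authorization header was present.
SAMPLE_LOG = """\
2025-01-05T09:00:01Z 192.168.1.10 POST /boaform/formSaveConfig 200 auth=yes
2025-01-05T09:02:14Z 192.168.1.77 GET /index.html 200 auth=no
2025-01-05T09:02:20Z 192.168.1.77 POST /boaform/formSaveConfig 200 auth=no
2025-01-05T09:05:42Z 192.168.1.10 POST /boaform/admin 200 auth=no
2025-01-05T09:07:03Z 192.168.1.88 POST /boaform/admin 401 auth=no
"""

@dataclass(frozen=True)
class Hit:
    ts: str
    src_ip: str
    path: str
    reasons: tuple

def parse_line(line: str) -> dict:
    ts, src, method, path, status, auth = line.split()
    return {"ts": ts, "src": src, "method": method, "path": path,
            "status": int(status), "auth": auth.split("=", 1)[1] == "yes"}

def check_request(rec: dict, admin_ips: set) -> Optional[Hit]:
    """Return a Hit when a request matches the advisory's indicators, else None."""
    if rec["method"] != "POST" or rec["path"] not in SUSPECT_PATHS:
        return None
    reasons = []
    if not rec["auth"]:
        reasons.append("no-auth-header")        # request carried no session
    if ipaddress.ip_address(rec["src"]) not in admin_ips:
        reasons.append("non-admin-source")      # source_ip != admin_ip
    if not reasons:
        return None                             # expected admin activity
    if rec["status"] < 400:
        reasons.append("accepted-by-router")    # router did not reject it
    return Hit(rec["ts"], rec["src"], rec["path"], tuple(reasons))

def scan(log_text: str, admin_ips: set) -> list:
    """Run every non-empty record through check_request; return the hits in order."""
    ips = {ipaddress.ip_address(a) for a in admin_ips}
    hits = [check_request(parse_line(l), ips) for l in log_text.splitlines() if l.strip()]
    return [h for h in hits if h is not None]

if __name__ == "__main__":
    for h in scan(SAMPLE_LOG, {"192.168.1.10"}):
        print(h.ts, h.src_ip, h.path, ",".join(h.reasons))
```

A hit tagged accepted-by-router alongside no-auth-header is the case the advisory describes: the router honoured an administrative POST that carried no credentials.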
