Vulnerability Description
An authentication bypass vulnerability in the Tongyu AX1800 Wi-Fi 6 Router with firmware 1.0.0 allows unauthenticated network-adjacent attackers to perform arbitrary configuration changes without providing credentials, as long as a valid admin session is active. This can result in full compromise of the device (i.e., via unauthenticated access to /boaform/formSaveConfig and /boaform/admin endpoints).
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tycc | Tongyu Ax1800 Firmware | 1.0.0 |
| Tycc | Tongyu Ax1800 | - |
Related Weaknesses (CWE)
References
- https://github.com/actuator/cve/blob/main/Tongyu/CVE-2025-68707.txt (Third Party Advisory)
- https://github.com/actuator/cve/tree/main/Tongyu (Exploit, Third Party Advisory)
- https://www.tongyucom.com/product/ax1800.html (Broken Link)
FAQ
What is CVE-2025-68707?
CVE-2025-68707 is a vulnerability with a CVSS score of 8.8 (HIGH). An authentication bypass vulnerability in the Tongyu AX1800 Wi-Fi 6 Router with firmware 1.0.0 allows unauthenticated network-adjacent attackers to perform arbitrary configuration changes without prov...
How severe is CVE-2025-68707?
CVE-2025-68707 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-68707?
Check the references section above for vendor advisories and patch information. Affected products include: Tycc Tongyu Ax1800 Firmware, Tycc Tongyu Ax1800.