CVE-2025-68707

Name of the Vulnerable Software and Affected Versions Tongyu AX1800 Wi-Fi 6 Router version 1.0.0

Description An authentication bypass exists in the Tongyu AX1800 Wi-Fi 6 Router firmware. This allows unauthenticated attackers on the same network to make arbitrary configuration changes without valid credentials, provided a valid admin session is active. Successful exploitation can lead to a full compromise of the device through unauthenticated access to the /boaform/formSaveConfig and /boaform/admin API endpoints.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict network access to the router's management interface.