CVE-2025-52376

Name of the Vulnerable Software and Affected Versions Nexxt Solutions NCM-X1800 Mesh Router firmware versions UV1.2.7 and below

Description An authentication bypass exists in the /web/um open telnet.cgi endpoint. This bypass allows an attacker to remotely enable the Telnet service without authentication, circumventing security measures. The Telnet server is then accessible using hard-coded credentials, granting attackers administrative shell access and the ability to execute arbitrary commands on the device.

Recommendations Versions prior to UV1.2.7: At the moment, there is no information about a newer version that contains a fix for this vulnerability.