PT-2025-50325 · X5000R · X5000R
Published 2025-12-10 · Updated 2025-12-10
CVE-2025-13184
CVSS v3.1
9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
X5000R versions prior to V9.1.0u.6369 B20230113
Description
The device allows unauthenticated Telnet access through the cstecgi.cgi interface, bypassing authentication. This allows for unauthenticated root login with a blank password on a factory reset device. Successful exploitation results in arbitrary command execution.
Recommendations
Apply updates to versions V9.1.0u.6369 B20230113 or later.
Exploit
Fix
Incorrect Authorization
Weakness Enumeration
Related Identifiers
Affected Products
X5000R