CVE-2025-68707
Published: 13 January 2026
Summary
CVE-2025-68707 is a high-severity Authentication Bypass Using an Alternate Path or Channel (CWE-288) vulnerability in Tycc Tongyu Ax1800 Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210); ranked at the 41.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Explicitly identifies and prohibits sensitive configuration changes without identification or authentication, directly countering the authentication bypass vulnerability.
Enforces approved authorizations for access to configuration endpoints like /boaform/formSaveConfig, preventing unauthenticated arbitrary changes.
Restricts access to configuration change capabilities to authorized users only, mitigating exploitation for full device compromise.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Vulnerability enables unauthenticated exploitation of the router's remote web management service (/boaform endpoints) for arbitrary configuration changes and full device compromise, directly mapping to T1210 (Exploitation of Remote Services) and T1068 (Exploitation for Privilege Escalation).
NVD Description
An authentication bypass vulnerability in the Tongyu AX1800 Wi-Fi 6 Router with firmware 1.0.0 allows unauthenticated network-adjacent attackers to perform arbitrary configuration changes without providing credentials, as long as a valid admin session is active. This can result in full…
more
compromise of the device (i.e., via unauthenticated access to /boaform/formSaveConfig and /boaform/admin endpoints).
Deeper analysisAI
CVE-2025-68707 is an authentication bypass vulnerability in the Tongyu AX1800 Wi-Fi 6 Router with firmware version 1.0.0. It enables unauthenticated network-adjacent attackers to perform arbitrary configuration changes without providing credentials, as long as a valid admin session is active. Exploitation occurs through unauthenticated access to endpoints such as /boaform/formSaveConfig and /boaform/admin, potentially resulting in full compromise of the device. The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and is classified under CWE-288.
Attackers adjacent to the network, requiring no privileges or user interaction, can exploit this issue with low complexity. By leveraging an active admin session, they gain the ability to alter configurations arbitrarily, achieving high impacts on confidentiality, integrity, and availability, up to complete device takeover.
Mitigation guidance and further details are available in advisories at https://github.com/actuator/cve/blob/main/Tongyu/CVE-2025-68707.txt and https://github.com/actuator/cve/tree/main/Tongyu, along with the product page at https://www.tongyucom.com/product/ax1800.html.
Details
- CWE(s)