CVE-2025-9533
Published: 27 August 2025
Summary
CVE-2025-9533 is a high-severity Improper Authentication (CWE-287) vulnerability in Totolink T10 Firmware. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 46.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Threat & Defense Details
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
- Detects unauthorized successful logons resulting from improper authentication implementations.
- Documented procedures ensure personnel are trained on authentication mechanisms, tangibly lowering the risk of improper authentication being exploited.
- Security awareness training instructs users on secure authentication practices and avoiding credential compromise.
- Training on authentication mechanisms and best practices decreases the occurrence of improper authentication.
- Non-repudiation requires strong authentication mechanisms to irrefutably attribute performed actions to specific individuals or processes.
- Session content review can reveal authentication bypasses or failures in session establishment.
- Review of authentication-related audit records can detect improper authentication mechanisms or bypasses.
- Assessments check authentication mechanisms for correct implementation and effectiveness, reducing successful authentication bypass attempts.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Direct improper authentication bypass on the router's public web interface (/formLoginAuth.htm) enables remote exploitation of a public-facing application for initial unauthorized access.
NVD Description
A vulnerability has been found in TOTOLINK T10 4.1.8cu.5241_B20210927. Affected is an unknown function of the file /formLoginAuth.htm. The manipulation of the argument authCode with the input 1 leads to improper authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Deeper analysis
CVE-2025-9533 is an improper authentication vulnerability (CWE-287) in the TOTOLINK T10 router firmware version 4.1.8cu.5241_B20210927. The flaw affects an unknown function in the /formLoginAuth.htm file, where manipulation of the authCode parameter using the input "1" bypasses authentication mechanisms.
A remote, unauthenticated attacker can exploit this vulnerability with low attack complexity and no user interaction, as reflected in its CVSS v3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L (base score 7.3). Successful exploitation gives the attacker unauthenticated access to the router's web management interface; the vector rates the resulting confidentiality, integrity, and availability impacts as Low. Because the bypass needs only a single crafted request and a public proof of concept exists, the practical test after any firmware update is whether the device still treats a request to /formLoginAuth.htm carrying authCode=1 as an authenticated login.
Advisories and related resources, including a public proof-of-concept exploit on GitHub at https://github.com/aLtEr6/MY_test/blob/main/TOTOLINK/TOTOLINK%20T10%20Vulnerability.md and VulDB entries at https://vuldb.com/?ctiid.321552, https://vuldb.com/?id.321552, and https://vuldb.com/?submit.635941, detail the issue. The TOTOLINK vendor website at https://www.totolink.net/ should be consulted for any firmware updates or mitigation guidance. Until a fix is confirmed on the device, exposure is reduced by not publishing the web interface on the WAN side and restricting management access to trusted networks.
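The request shape given in the NVD description (a request to /formLoginAuth.htm whose authCode argument is 1) is specific enough to hunt for in web-access or reverse-proxy logs, which is the "review of authentication-related audit records" control listed above. The following Python is an added example, not code from this page, from the public PoC, or from TOTOLINK: it parses a combined-format access log, flags lines matching that pattern (percent-decoding the value so an encoded `%31` is not missed), and notes whether the device answered 200. The log format, the sample lines, and the assumption that a 200 response means the device accepted the request are all constructed here; a TOTOLINK device does not necessarily log in this format, so in practice the input would come from whatever proxy or firewall sits in front of it.

```python
"""Hunt for the CVE-2025-9533 bypass pattern in web-access logs (added example)."""
import re
from urllib.parse import parse_qs, urlsplit

# Request shape taken from the NVD description: /formLoginAuth.htm with authCode=1.
TARGET_PATH = "/formLoginAuth.htm"
TARGET_PARAM = "authCode"
TARGET_VALUE = "1"

# Assumed Apache/nginx "combined"-style access line:
# client ident user [time] "METHOD target HTTP/x.y" status size
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) \S+'
)

# Constructed sample lines (not captured traffic). Line 3 is the bypass as
# described; line 5 is the same request with the value percent-encoded; the
# rest are a normal login flow and a rejected request with authCode=0.
SAMPLE_LOG = """\
192.0.2.10 - - [27/Aug/2025:10:15:01 +0000] "GET /login.html HTTP/1.1" 200 1842
192.0.2.10 - - [27/Aug/2025:10:15:09 +0000] "POST /formLoginAuth.htm HTTP/1.1" 200 312
198.51.100.7 - - [27/Aug/2025:10:16:30 +0000] "GET /formLoginAuth.htm?authCode=1 HTTP/1.1" 200 312
198.51.100.7 - - [27/Aug/2025:10:16:31 +0000] "GET /home.htm HTTP/1.1" 200 5120
203.0.113.9 - - [27/Aug/2025:10:18:02 +0000] "GET /formLoginAuth.htm?authCode=%31 HTTP/1.1" 200 312
203.0.113.5 - - [27/Aug/2025:10:20:00 +0000] "GET /formLoginAuth.htm?authCode=0 HTTP/1.1" 401 0
"""


def request_params(target, body=""):
    """Return (path, params) with query-string and optional form-body
    parameters merged and percent-decoded, so encoded values still match."""
    parts = urlsplit(target)
    params = parse_qs(parts.query, keep_blank_values=True)
    if body:
        for key, values in parse_qs(body, keep_blank_values=True).items():
            params.setdefault(key, []).extend(values)
    return parts.path, params


def is_bypass_request(target, body=""):
    """True when the request hits /formLoginAuth.htm carrying authCode=1,
    in the query string or (when the caller has it) in the POST body."""
    path, params = request_params(target, body)
    return path == TARGET_PATH and TARGET_VALUE in params.get(TARGET_PARAM, [])


def find_bypass_attempts(log_text):
    """One record per access-log line matching the bypass pattern.

    Access logs carry no POST bodies, so only query-string instances are
    visible here; pass the body to is_bypass_request() when a proxy or WAF
    records it. `succeeded` assumes a 200 means the device accepted the
    request; a patched build may answer differently, so treat it as a hint.
    """
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m is None or not is_bypass_request(m["target"]):
            continue
        hits.append({
            "client": m["client"],
            "time": m["time"],
            "method": m["method"],
            "status": int(m["status"]),
            "succeeded": m["status"] == "200",
        })
    return hits


if __name__ == "__main__":
    for hit in find_bypass_attempts(SAMPLE_LOG):
        print(hit)
```

Matching on the decoded parameter rather than the raw string is the point of `request_params`: a signature written as the literal `authCode=1` misses `authCode=%31`, while a signature keyed only on the path alerts on every legitimate login. A hit followed by successful requests to other pages from the same client, as in the sample, is the sequence worth escalating.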
Details
- CWE(s)