CVE-2025-67090 is a medium severity vulnerability affecting the LuCI web interface on GL.Inet AX1800 routers, specifically versions 4.6.4 and 4.6.8. The core issue is the absence of rate limiting or account lockout mechanisms on the authentication endpoint (/cgi-bin/luci). This design flaw allows an unauthenticated attacker with local network access to perform unlimited password guessing attempts against the admin interface, effectively enabling brute force attacks. The vulnerability is categorized under CWE-307 (Improper Restriction of Excessive Authentication Attempts). Exploiting this vulnerability requires local network access but no prior authentication or user interaction. Successful exploitation could lead to unauthorized access to the router’s administrative interface, potentially compromising confidentiality of network configuration and causing limited availability disruption. The CVSS vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L) reflects that the attack is local, requires low complexity, no privileges or user interaction, and impacts confidentiality and availability partially. Although no known exploits are reported in the wild, the vulnerability poses a risk especially in environments where the GL.Inet AX1800 routers are deployed in sensitive or critical network segments. The vendor has released a patch in version 4.8.2 to address this issue by presumably adding rate limiting or lockout controls.

For European organizations, this vulnerability could lead to unauthorized administrative access to GL.Inet AX1800 routers if attackers gain local network access, such as through compromised internal devices or guest networks. This could result in exposure of network configuration details, potential interception or redirection of traffic, and limited denial of service if the attacker disrupts router functionality. Sectors with high reliance on secure network infrastructure, including government, finance, healthcare, and critical infrastructure, may face increased risks. The medium CVSS score reflects moderate impact, but the ease of brute forcing without lockout increases risk in poorly segmented or monitored networks. The lack of known exploits reduces immediate threat but patching remains critical to prevent future exploitation. Organizations with remote or distributed offices using these routers are particularly vulnerable if local network access controls are weak.

1. Immediately upgrade all GL.Inet AX1800 routers to firmware version 4.8.2 or later to apply the vendor’s fix. 2. Implement strict network segmentation to isolate management interfaces from general user and guest networks, limiting local network access to trusted administrators only. 3. Deploy network monitoring and intrusion detection systems to identify unusual authentication attempts or brute force patterns targeting router interfaces. 4. Enforce strong, complex administrative passwords to increase brute force resistance. 5. Where possible, disable remote management or restrict it via VPN or secure channels. 6. Regularly audit router configurations and logs for signs of unauthorized access attempts. 7. Educate network administrators on the risks of local network attacks and the importance of patch management. 8. Consider additional multi-factor authentication mechanisms if supported by the router firmware or network architecture.