The vulnerability identified as CVE-2025-67090 affects the LuCI web interface on Gl Inet AX1800 routers, specifically versions 4.6.4 and 4.6.8. The core issue is the absence of rate limiting or account lockout mechanisms on the authentication endpoint located at /cgi-bin/luci. This design flaw allows an unauthenticated attacker who has access to the local network to perform unlimited password attempts against the administrative interface without restriction. The lack of throttling or lockout means brute force attacks can be conducted efficiently, increasing the likelihood of compromising the admin credentials. Once an attacker gains administrative access, they can manipulate router configurations, intercept or redirect network traffic, and potentially pivot to other internal systems. The vulnerability does not require prior authentication, but does require local network access, which could be achieved through compromised devices or physical proximity. No CVSS score has been assigned yet, and no known exploits are reported in the wild. A patch addressing this vulnerability is available in Gl Inet AX1800 firmware version 4.8.2. The vulnerability highlights the importance of implementing robust authentication protections such as rate limiting and account lockouts on critical network device interfaces.

For European organizations, this vulnerability could lead to unauthorized administrative access to Gl Inet AX1800 routers, compromising network security and confidentiality. Attackers exploiting this flaw can alter router settings, disrupt network availability, intercept sensitive communications, or establish persistent footholds within internal networks. This is particularly concerning for organizations with sensitive data or critical infrastructure relying on these routers. The local network access requirement limits remote exploitation but does not eliminate risk, as attackers could gain local access via compromised devices or insider threats. The absence of rate limiting increases the risk of successful brute force attacks, potentially leading to widespread compromise if many devices remain unpatched. The impact extends to operational disruption, data breaches, and potential lateral movement within corporate or industrial networks. Given the router’s role as a network gateway, exploitation could affect multiple connected systems, amplifying the severity of the breach.

To mitigate this vulnerability, affected organizations should promptly upgrade Gl Inet AX1800 routers to firmware version 4.8.2 or later, which includes the necessary fixes. Network administrators should implement network segmentation to restrict access to router management interfaces strictly to trusted devices and personnel. Deploying network monitoring solutions to detect unusual authentication attempts or brute force patterns on the /cgi-bin/luci endpoint can provide early warning of exploitation attempts. Additionally, organizations should enforce strong, complex admin passwords and consider disabling remote management features if not required. Physical security controls should be enhanced to prevent unauthorized local network access. Where possible, use VPNs or secure management channels to access router interfaces rather than exposing them directly on local networks. Regularly auditing router configurations and logs will help identify suspicious activity. Finally, educating staff about the risks of local network compromise can reduce insider threats and accidental exposure.