CVE-2025-68707 is an authentication bypass vulnerability identified in the Tongyu AX1800 Wi-Fi 6 Router running firmware version 1.0.0. The flaw allows an unauthenticated attacker who is network-adjacent—that is, within the same local network or able to access the router's network interfaces—to bypass authentication mechanisms and perform arbitrary configuration changes on the device. This is possible as long as there exists a valid administrative session on the device, which the attacker can leverage without needing credentials. The vulnerability specifically affects the router's web management interface endpoints /boaform/formSaveConfig and /boaform/admin, which handle configuration saving and administrative functions. Exploiting this vulnerability can lead to full compromise of the router, enabling attackers to alter settings, potentially inject malicious configurations, redirect traffic, or disable security features. The CVSS v3.1 base score of 8.8 reflects high severity, with attack vector being adjacent network (AV:A), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and high impact on confidentiality, integrity, and availability (C:H/I:H/A:H). The vulnerability is classified under CWE-288 (Authentication Bypass Using an Alternate Path or Channel). No patches or known exploits in the wild have been reported at the time of publication, but the risk remains significant due to the ease of exploitation and potential impact.

For European organizations, the impact of this vulnerability can be severe. Compromise of the Tongyu AX1800 routers could lead to unauthorized changes in network configurations, including DNS settings, firewall rules, and routing policies, which can facilitate man-in-the-middle attacks, data interception, or denial of service. Confidential information traversing the network could be exposed or manipulated, undermining data integrity and privacy obligations under regulations such as GDPR. Critical infrastructure or enterprise networks relying on these routers may face operational disruptions or persistent compromise. Since the attack requires network adjacency but no authentication or user interaction, attackers who gain local network access—via compromised devices, insider threats, or physical proximity—can exploit this vulnerability. This increases the attack surface in environments with insufficient network segmentation or weak internal security controls. The absence of known exploits in the wild currently limits immediate widespread impact, but the vulnerability's characteristics make it a prime target for future exploitation campaigns.

European organizations should implement the following specific mitigations: 1) Immediately identify and inventory all Tongyu AX1800 routers within their networks to assess exposure. 2) Restrict access to router management interfaces to trusted administrative networks only, using VLANs or firewall rules to enforce network segmentation and prevent unauthorized adjacent access. 3) Monitor router logs and network traffic for unusual configuration changes or access attempts to /boaform/formSaveConfig and /boaform/admin endpoints. 4) Disable remote management features if not required, or restrict them to secure VPN connections with strong authentication. 5) Apply any firmware updates or patches released by Tongyu promptly once available. 6) Employ network intrusion detection systems (NIDS) with signatures or heuristics to detect exploitation attempts targeting this vulnerability. 7) Educate network administrators about the risk and signs of compromise related to this vulnerability. 8) Consider deploying endpoint security solutions on devices connected to the network to detect lateral movement attempts that could lead to network adjacency exploitation.