CVE-2025-67090

MEDIUM
2026-01-08 [email protected]
Authentication Bypass Ax1800 Firmware
5.1
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
Low

Lifecycle Timeline

3
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
PoC Detected
Jan 16, 2026 - 21:28 vuln.today
Public exploit code
CVE Published
Jan 08, 2026 - 16:15 nvd
MEDIUM 5.1

DescriptionNVD

The LuCI web interface on Gl Inet GL.Inet AX1800 Version 4.6.4 & 4.6.8 are vulnerable. Fix available in version 4.8.2 GL.Inet AX1800 Version 4.6.4 & 4.6.8 lacks rate limiting or account lockout mechanisms on the authentication endpoint (/cgi-bin/luci). An unauthenticated attacker on the local network can perform unlimited password attempts against the admin interface.

AnalysisAI

Ax1800 Firmware versions up to 4.2.0 is affected by improper restriction of excessive authentication attempts (CVSS 5.1).

Technical ContextAI

This vulnerability (CWE-307: Improper Restriction of Excessive Authentication Attempts) affects Ax1800 Firmware. The LuCI web interface on Gl Inet GL.Inet AX1800 Version 4.6.4 & 4.6.8 are vulnerable. Fix available in version 4.8.2 GL.Inet AX1800 Version 4.6.4 & 4.6.8 lacks rate limiting or account lockout mechanisms on the authentication endpoint (/cgi-bin/luci). An unauthenticated attacker on the local network can perform unlimited password attempts against the admin interface.

RemediationAI

Monitor vendor advisories for a patch.

Share

CVE-2025-67090 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy