Tongyu AX1800 Wi-Fi 6 Router Authentication Bypass Vulnerability Allowing Arbitrary Configuration Changes

Vulnerability

An authentication bypass vulnerability has been identified in the Tongyu AX1800 Wi-Fi 6 Router running firmware 1.0.0. It allows unauthenticated, network-adjacent attackers to make arbitrary configuration changes without credentials, provided a valid admin session is active at the time. Because the affected endpoints are critical administrative ones, exploitation could lead to a full compromise of the device.

Impact

Exploitation of this vulnerability could result in unauthorized access to the router's administrative functions, allowing attackers to make changes to the device's configuration. This could lead to a complete compromise of the router, including potential denial-of-service conditions or unauthorized access to sensitive information.

Reproduction

An unauthenticated attacker on the local network can access the router's administrative endpoints, such as '/boaform/formSaveConfig', and perform privileged operations. The requests succeed without valid session cookies, as long as a user has previously logged in and that session is still active.
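
The advisory does not give the root cause. The sketch below is an added example, not Tongyu firmware code: it assumes a device-wide "an admin is logged in" check as one design that produces the behaviour described above, and sets it beside a check bound to the requesting client's own session token. The class, method names, addresses and timeout are hypothetical.

```python
import hmac
import secrets

SESSION_TTL = 300  # seconds; assumed idle timeout, not a documented value


class AdminSessions:
    """Hypothetical session store for a router admin UI (not vendor code)."""

    def __init__(self):
        self.sessions = {}  # token -> (client_ip, expiry_time)

    def login(self, client_ip, now):
        token = secrets.token_hex(16)
        self.sessions[token] = (client_ip, now + SESSION_TTL)
        return token

    def _live(self, now):
        # Only sessions that have not yet expired.
        return {t: v for t, v in self.sessions.items() if v[1] > now}

    def authorize_weak(self, cookie, client_ip, now):
        # Flawed: asks "is any admin session live?" and never looks at
        # the cookie or address of the client making this request.
        return bool(self._live(now))

    def authorize_strict(self, cookie, client_ip, now):
        # Hardened: the request must carry a live token, compared in
        # constant time, issued to the same client address.
        if not cookie:
            return False
        for token, (ip, _expiry) in self._live(now).items():
            if hmac.compare_digest(token.encode(), cookie.encode()) and ip == client_ip:
                return True
        return False


def demo():
    # Constructed scenario: admin at .10 logs in, a second LAN client at
    # .77 sends a request with no cookie ten seconds later.
    store = AdminSessions()
    admin_cookie = store.login("192.168.1.10", now=1000.0)
    return {
        "weak_no_cookie": store.authorize_weak(None, "192.168.1.77", 1010.0),
        "strict_no_cookie": store.authorize_strict(None, "192.168.1.77", 1010.0),
        "strict_admin": store.authorize_strict(admin_cookie, "192.168.1.10", 1010.0),
        "strict_wrong_ip": store.authorize_strict(admin_cookie, "192.168.1.77", 1010.0),
        "strict_expired": store.authorize_strict(admin_cookie, "192.168.1.10", 2000.0),
        "weak_after_expiry": store.authorize_weak(None, "192.168.1.77", 2000.0),
    }
```

In this model the weak check accepts the cookieless request only while the admin session is live, which matches the precondition stated in the advisory; the strict check rejects it in every case.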

Added: Jan 13, 2026, 5:26 PM
Updated: Jan 13, 2026, 5:26 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 5.2
remediation: 0.0
relevance: 2.0
threat: 1.6
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.