Zero-Day Alert: Linksys Auth Bypass Lets Hackers Hijack Routers Without Passwords
Ddos 
Image: CSIT
A popular Wi-Fi 6 router found in thousands of homes has been blown wide open by security researchers, revealing a critical flaw that allows attackers to bypass login screens and seize full control of the device.
The Centre for Strategic Infocomm Technologies (CSIT) has disclosed a zero-day vulnerability, tracked as CVE-2025-52692, in the Linksys E9450-SG router. The device, which was widely distributed by Singtel in 2021, contains a logic error that lets anyone on the local network enable the router’s hidden Telnet server—no password required.
“Consumer routers are particularly attractive targets because they expose internal networks and often contain exploitable flaws,” the report notes, highlighting the high stakes of home network security.
The researchers focused on the router’s web management interface, the command center for device settings. While typically protected by a password and restricted to local administrators, the team found a way to trick the system.
The vulnerability stems from how the router parses web requests. The researchers discovered that by manipulating the URL, they could access restricted endpoints without ever authenticating.
Specifically, by accessing the path /LOGIN/API/obj/en_telnet, an attacker can skip the entire login process.
“A series of logic errors are present in the parsing of the request URL and subsequent handling and processing of the associated HTTP request,” the researchers explained . “This allows an attacker to craft a request that grants access to authentication-protected endpoints without valid credentials”.
Once the specific URL is triggered, the router silently enables its Telnet server—an old, unencrypted remote control protocol. With Telnet active and authentication bypassed, the attacker can log in and execute commands with the highest possible privileges.
“By using this vulnerability to enable the Telnet server, attackers within the local network can gain full root command line access to the router,” the report states .
From there, a hacker could potentially eavesdrop on traffic, install malware, or pivot to other devices on the home network.
The vulnerability has been verified in firmware version 1.2.00.052, which CSIT notes is “the only firmware version that has been released so far” for this specific model variant .
However, there is a silver lining: the attack is not remotely exploitable over the internet by default. “The attacker must have access to the router’s administrative web interface, which is not exposed to the internet by default,” the report clarified . This means the threat is largely limited to attackers who have already gained access to the victim’s Wi-Fi network.
Related Posts:
- Critical Linksys Router Flaw (CVE-2025-34037, CVSS 10.0) Actively Exploited by TheMoon Worm
- 0-Click NTLM Authentication Bypass Hits Microsoft Telnet Server, PoC Releases, No Patch
- CVE-2023-46012 in Linksys EA7500 Routers Allows Remote Takeover, No Patch, Poc Released
- CVE-2024-27497: Replace Your Linksys E2000 Router Now
Donate