CVE-2025-9577

Sažetak

A security flaw has been discovered in TOTOLINK X2000R up to 2.0.0. The affected element is an unknown function of the file /etc/shadow.sample of the component Administrative Interface. The manipulation results in use of default credentials. Attacking locally is a requirement. Attacks of this nature are highly complex. The exploitability is described as difficult. The exploit has been released to the public and may be exploited.

Reference

https://github.com/XXRicardo/iot-cve/blob/main/TOLOLINK/X2000R-Gh-V2.0.0.md
https://github.com/XXRicardo/iot-cve/blob/main/TOLOLINK/X2000R-Gh-V2.0.0.md#steps-to-reproduce
https://vuldb.com/?ctiid.321691
https://vuldb.com/?id.321691
https://vuldb.com/?submit.636069
https://www.totolink.net/
https://github.com/XXRicardo/iot-cve/blob/main/TOLOLINK/X2000R-Gh-V2.0.0.md
https://github.com/XXRicardo/iot-cve/blob/main/TOLOLINK/X2000R-Gh-V2.0.0.md#steps-to-reproduce

CVSS

Base:	1.0
Impact:	2.9
Exploitability:	1.5

Pristup

Vektor	Složenost	Autentikacija
LOCAL	HIGH	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:L/AC:H/Au:S/C:P/I:N/A:N

Zadnje važnije ažuriranje

09-09-2025 - 19:13

Objavljeno

28-08-2025 - 19:15