Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-6139

A vulnerability, which was classified as problematic, has been found in TOTOLINK T10 4.1.8cu.5207. Affected by this issue is some unknown functionality of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. The attack can only be initiated within the local network. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.

Published

2025-06-16T21:15:24.513

Last Modified

2025-06-26T16:27:37.157

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 3.9 (LOW)

CVSSv2 Vector

AV:A/AC:H/Au:M/C:P/I:P/A:P

Access Vector: ADJACENT_NETWORK
Access Complexity: HIGH
Authentication: MULTIPLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

2.0

Impact Score

6.4

Weaknesses

Type: Primary
CWE-255
CWE-259

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	totolink	t10_firmware	4.1.8cu.5207_b20210320	Yes
Hardware	totolink	t10	2.0	No

References

https://candle-throne-f75.notion.site/TOTOLINK-T10-shadow-20ddf0aa118580f5a455cd5dbc521472 Exploit, Third Party Advisory ([email protected])
https://vuldb.com/?ctiid.312608 Permissions Required, VDB Entry ([email protected])
https://vuldb.com/?id.312608 Third Party Advisory, VDB Entry ([email protected])
https://vuldb.com/?submit.592922 Third Party Advisory, VDB Entry ([email protected])
https://www.totolink.net/ Product ([email protected])