Vulnerability Monitor

CVE-2025-9577


A security flaw has been discovered in TOTOLINK X2000R up to 2.0.0. It affects an unknown function of the file /etc/shadow.sample in the Administrative Interface component. Manipulation results in the use of default credentials. The attack requires local access and is highly complex, and exploitability is described as difficult. An exploit has been released to the public and may be used.


Published

2025-08-28T19:15:34.880

Last Modified

2025-09-09T19:13:43.063

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 2.5 (LOW)

CVSSv2 Vector

AV:L/AC:H/Au:S/C:P/I:N/A:N

  • Access Vector: LOCAL
  • Access Complexity: HIGH
  • Authentication: SINGLE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE

Exploitability Score

1.5

Impact Score

2.9

Weaknesses

  • Type: Primary, CWE-1392
  • Type: Primary, NVD-CWE-noinfo

Affected Vendors & Products

| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | totolink | x2000r_firmware | 2.0.0-b20230727.1043.web | Yes |
| Hardware | totolink | x2000r | - | No |