CVE-2025-9577

TOTOLINK X2000R Administrative shadow.sample default credentials

Description

A security flaw has been discovered in TOTOLINK X2000R up to 2.0.0. The affected element is an unknown function of the file /etc/shadow.sample of the component Administrative Interface. The manipulation results in use of default credentials. Attacking locally is a requirement. Attacks of this nature are highly complex. The exploitability is described as difficult. The exploit has been released to the public and may be exploited.

INFO

Published Date :

2025-08-28T18:32:07.573Z

Last Modified :

2025-08-28T18:41:04.929Z

Source :

VulDB

AFFECTED PRODUCTS

The following products are affected by CVE-2025-9577 vulnerability.

Vendors	Products
Totolink	X2000r X2000r Firmware

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-9577.

URL	Resource
https://github.com/XXRicardo/iot-cve/blob/main/TOLOLINK/X2000R-Gh-V2.0.0.md
https://github.com/XXRicardo/iot-cve/blob/main/TOLOLINK/X2000R-Gh-V2.0.0.md#steps-to-reproduce
https://vuldb.com/?ctiid.321691
https://vuldb.com/?id.321691
https://vuldb.com/?submit.636069
https://www.totolink.net/

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact

Detailed values of each vector for above chart.

Access Vector

Access Complexity

Authentication

Confidentiality Impact

Integrity Impact

Availability Impact