Vulnerability Description
A security flaw has been discovered in TOTOLINK X2000R up to 2.0.0. The affected element is an unknown function of the file /etc/shadow.sample of the component Administrative Interface. The manipulation results in use of default credentials. Attacking locally is a requirement. Attacks of this nature are highly complex. The exploitability is described as difficult. The exploit has been released to the public and may be exploited.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Totolink | X2000R Firmware | 2.0.0-b20230727.1043.web |
| Totolink | X2000R | - |
Related Weaknesses (CWE)
References
- https://github.com/XXRicardo/iot-cve/blob/main/TOLOLINK/X2000R-Gh-V2.0.0.mdExploitThird Party Advisory
- https://github.com/XXRicardo/iot-cve/blob/main/TOLOLINK/X2000R-Gh-V2.0.0.md#stepExploitThird Party Advisory
- https://vuldb.com/?ctiid.321691Permissions RequiredVDB Entry
- https://vuldb.com/?id.321691Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.636069Third Party AdvisoryVDB Entry
- https://www.totolink.net/Product
- https://github.com/XXRicardo/iot-cve/blob/main/TOLOLINK/X2000R-Gh-V2.0.0.mdExploitThird Party Advisory
- https://github.com/XXRicardo/iot-cve/blob/main/TOLOLINK/X2000R-Gh-V2.0.0.md#stepExploitThird Party Advisory
FAQ
What is CVE-2025-9577?
CVE-2025-9577 is a vulnerability with a CVSS score of 2.5 (LOW). A security flaw has been discovered in TOTOLINK X2000R up to 2.0.0. The affected element is an unknown function of the file /etc/shadow.sample of the component Administrative Interface. The manipulati...
How severe is CVE-2025-9577?
CVE-2025-9577 has been rated LOW with a CVSS base score of 2.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-9577?
Check the references section above for vendor advisories and patch information. Affected products include: Totolink X2000R Firmware, Totolink X2000R.