CVE-2025-9577

low-risk
Published 2025-08-28

A security flaw has been discovered in TOTOLINK X2000R up to 2.0.0. The affected element is an unknown function of the file /etc/shadow.sample of the component Administrative Interface. The manipulation results in use of default credentials. Attacking locally is a requirement. Attacks of this nature are highly complex. The exploitability is described as difficult. The exploit has been released to the public and may be exploited.

Do I need to act?

-
0.02% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
2
CVSS 2.5/10 Low
LOCAL / HIGH complexity

Affected Products (1)

Affected Vendors

Totolink

References (8)

Exploit https://github.com/XXRicardo/iot-cve/blob/main/TOLOLINK/X2000R-Gh-V2.0.0.md
Exploit https://github.com/XXRicardo/iot-cve/blob/main/TOLOLINK/X2000R-Gh-V2.0.0.md#step...
Permissions Required https://vuldb.com/?ctiid.321691
Third Party Advisory https://vuldb.com/?id.321691
Third Party Advisory https://vuldb.com/?submit.636069
Product https://www.totolink.net/
Exploit https://github.com/XXRicardo/iot-cve/blob/main/TOLOLINK/X2000R-Gh-V2.0.0.md
Exploit https://github.com/XXRicardo/iot-cve/blob/main/TOLOLINK/X2000R-Gh-V2.0.0.md#step...
11
/ 100
low-risk
Severity 6/34 · Minimal
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal