CVE-2025-9577 – TOTOLINK X2000R Default Credentials Vulnerability

The following table lists the changes that have been made to the
CVE-2025-9577 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution
of a vulnerability, and for identifying the most recent changes that may
impact the vulnerability’s severity, exploitability, or other characteristics.

New CVE Received
by [email protected]

Aug. 28, 2025

Action	Type	New Value
Added	Description	A security flaw has been discovered in TOTOLINK X2000R up to 2.0.0. The affected element is an unknown function of the file /etc/shadow.sample of the component Administrative Interface. The manipulation results in use of default credentials. Attacking locally is a requirement. Attacks of this nature are highly complex. The exploitability is described as difficult. The exploit has been released to the public and may be exploited.
Added	CVSS V4.0	AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Added	CVSS V3.1	AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Added	CVSS V2	(AV:L/AC:H/Au:S/C:P/I:N/A:N)
Added	CWE	CWE-1392
Added	Reference	https://github.com/XXRicardo/iot-cve/blob/main/TOLOLINK/X2000R-Gh-V2.0.0.md
Added	Reference	https://github.com/XXRicardo/iot-cve/blob/main/TOLOLINK/X2000R-Gh-V2.0.0.md#steps-to-reproduce
Added	Reference	https://vuldb.com/?ctiid.321691
Added	Reference	https://vuldb.com/?id.321691
Added	Reference	https://vuldb.com/?submit.636069
Added	Reference	https://www.totolink.net/

CVE Modified
by 134c704f-9b21-4f2e-91b3-4a467353bcc0

Aug. 28, 2025

Action	Type	Old Value	New Value
Added	Reference		https://github.com/XXRicardo/iot-cve/blob/main/TOLOLINK/X2000R-Gh-V2.0.0.md
Added	Reference		https://github.com/XXRicardo/iot-cve/blob/main/TOLOLINK/X2000R-Gh-V2.0.0.md#steps-to-reproduce

Share the Post:

CVE-2025-10304 – Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin <= 2.3.8 – Missing Authorization to Unauthenticated Backup Failure

CVE ID : CVE-2025-10304 Published : Dec. 3, 2025, 3:27 a.m. | 26 minutes ago Description : The Everest Backup –

CVE-2025-12585 – MxChat – AI Chatbot for WordPress <= 2.5.5 – Unauthenticated Information Exposure

CVE ID : CVE-2025-12585 Published : Dec. 3, 2025, 3:27 a.m. | 26 minutes ago Description : The MxChat – AI

Unit A5, Endeavour Business Park
Penner Road, Havant
PO9 1QN

Company Registration Number: 5334133
Company VAT Number: 855 7246 95

CVE-2025-9577 – TOTOLINK X2000R Default Credentials Vulnerability

New CVE Received
by [email protected]

CVE Modified
by 134c704f-9b21-4f2e-91b3-4a467353bcc0

Related Posts

CVE-2025-10304 – Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin <= 2.3.8 – Missing Authorization to Unauthenticated Backup Failure

CVE-2025-12585 – MxChat – AI Chatbot for WordPress <= 2.5.5 – Unauthenticated Information Exposure

Useful Links

Other Links

CVE-2025-9577 – TOTOLINK X2000R Default Credentials Vulnerability

New CVE Received by [email protected]

CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

Related Posts

CVE-2025-10304 – Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin <= 2.3.8 – Missing Authorization to Unauthenticated Backup Failure

CVE-2025-12585 – MxChat – AI Chatbot for WordPress <= 2.5.5 – Unauthenticated Information Exposure

Useful Links

Other Links

New CVE Received
by [email protected]

CVE Modified
by 134c704f-9b21-4f2e-91b3-4a467353bcc0