ID

VAR-202508-2427


CVE

CVE-2025-9577


TITLE

TOTOLINK x2000r Firmware vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2025-013592

DESCRIPTION

A security flaw has been discovered in TOTOLINK X2000R up to 2.0.0. The affected element is an unknown function of the file /etc/shadow.sample of the component Administrative Interface. The manipulation results in use of default credentials. Attacking locally is a requirement. Attacks of this nature are highly complex. The exploitability is described as difficult. The exploit has been released to the public and may be used. The TOTOLINK x2000r firmware contains unspecified vulnerabilities. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The TOTOLINK X2000R is a WiFi 6 router released by China's TOTOLINK Electronics. It supports Gigabit networking and Easy Mesh functionality, enabling multi-device connectivity and wireless expansion. Vulnerability details are currently unavailable.

Trust: 2.16

sources: NVD: CVE-2025-9577 // JVNDB: JVNDB-2025-013592 // CNVD: CNVD-2025-23591

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-23591

AFFECTED PRODUCTS

vendor: totolink, model: x2000r, scope: eq, version: 2.0.0-b20230727.1043.web

Trust: 1.0

vendor: totolink, model: x2000r, scope: eq, version: x2000r firmware 2.0.0-b20230727.1043.web

Trust: 0.8

vendor: totolink, model: x2000r, scope: eq, version: -

Trust: 0.8

vendor: totolink, model: x2000r, scope: -, version: -

Trust: 0.8

vendor: totolink, model: x2000r, scope: lte, version: <=2.0.0

Trust: 0.6

sources: CNVD: CNVD-2025-23591 // JVNDB: JVNDB-2025-013592 // NVD: CVE-2025-9577

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-9577
value: LOW

Trust: 1.0

nvd@nist.gov: CVE-2025-9577
value: HIGH

Trust: 1.0

OTHER: JVNDB-2025-013592
value: HIGH

Trust: 0.8

CNVD: CNVD-2025-23591
value: LOW

Trust: 0.6

cna@vuldb.com: CVE-2025-9577
severity: LOW
baseScore: 1.0
vectorString: AV:L/AC:H/AU:S/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: HIGH
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-013592
severity: LOW
baseScore: 1.0
vectorString: AV:L/AC:H/AU:S/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: HIGH
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2025-23591
severity: LOW
baseScore: 1.0
vectorString: AV:L/AC:H/AU:S/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: HIGH
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2025-9577
baseSeverity: LOW
baseScore: 2.5
vectorString: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.0
impactScore: 1.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-9577
baseSeverity: HIGH
baseScore: 7.0
vectorString: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.0
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2025-013592
baseSeverity: HIGH
baseScore: 7.0
vectorString: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-23591 // JVNDB: JVNDB-2025-013592 // NVD: CVE-2025-9577 // NVD: CVE-2025-9577

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-1392

Trust: 1.0

problemtype:Using default credentials (CWE-1392) [ others ]

Trust: 0.8

problemtype: Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-013592 // NVD: CVE-2025-9577

EXTERNAL IDS

db: NVD, id: CVE-2025-9577

Trust: 3.2

db: VULDB, id: 321691

Trust: 1.8

db: JVNDB, id: JVNDB-2025-013592

Trust: 0.8

db: CNVD, id: CNVD-2025-23591

Trust: 0.6

sources: CNVD: CNVD-2025-23591 // JVNDB: JVNDB-2025-013592 // NVD: CVE-2025-9577

REFERENCES

url:https://github.com/xxricardo/iot-cve/blob/main/tololink/x2000r-gh-v2.0.0.md

Trust: 1.8

url:https://github.com/xxricardo/iot-cve/blob/main/tololink/x2000r-gh-v2.0.0.md#steps-to-reproduce

Trust: 1.8

url:https://vuldb.com/?id.321691

Trust: 1.8

url:https://vuldb.com/?submit.636069

Trust: 1.8

url:https://www.totolink.net/

Trust: 1.8

url:https://vuldb.com/?ctiid.321691

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-9577

Trust: 0.8

url:https://github.com/xxricardo/iot-cve/blob/main/tololink/x2000r-gh-v2.0.0.md#steps

Trust: 0.6

sources: CNVD: CNVD-2025-23591 // JVNDB: JVNDB-2025-013592 // NVD: CVE-2025-9577

SOURCES

db: CNVD, id: CNVD-2025-23591
db: JVNDB, id: JVNDB-2025-013592
db: NVD, id: CVE-2025-9577

LAST UPDATE DATE

2025-10-15T23:29:00.244000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-23591, date: 2025-10-14T00:00:00
db: JVNDB, id: JVNDB-2025-013592, date: 2025-09-10T07:20:00
db: NVD, id: CVE-2025-9577, date: 2025-09-09T19:13:43.063

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-23591, date: 2025-10-14T00:00:00
db: JVNDB, id: JVNDB-2025-013592, date: 2025-09-10T00:00:00
db: NVD, id: CVE-2025-9577, date: 2025-08-28T19:15:34.880