Vulnerability Database

308,379

Total vulnerabilities in the database

CVE-2025-9577

A security flaw has been discovered in TOTOLINK X2000R up to 2.0.0. The affected element is an unknown function of the file /etc/shadow.sample of the component Administrative Interface. The manipulation results in use of default credentials. Attacking locally is a requirement. Attacks of this nature are highly complex. The exploitability is described as difficult. The exploit has been released to the public and may be exploited.

Published: Aug 28, 2025
Updated: Nov 16, 2025
CVE: CVE-2025-9577
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 2.5
AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS v2:

Severity: Low
Score: 1
AV:L/AC:H/Au:S/C:P/I:N/A:N

CWEs:

CWE-1392

Affected Software
References

Software	From	Fixed in
totolink / x2000r_firmware	2.0.0-b20230727.1043.web	2.0.0-b20230727.1043.web.x

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo