CVE-2025-9589

28.08.2025, 22:15

A vulnerability was determined in Cudy WR1200EA 2.3.7-20250113-121810. Affected is an unknown function of the file /etc/shadow. Executing manipulation can lead to use of default password. The attack needs to be launched locally. A high complexity level is associated with this attack. The exploitability is told to be difficult. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	2.5 LOW	LOCAL	HIGH	LOW	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
VulDB	CNA	2.5 LOW				CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R
CISA-ADP	ADP	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Common Weakness Enumeration

CWE-1393 - Use of Default Password
The product uses default passwords for potentially critical functionality.

References

https://github.com/ZZ2266/.github.io/tree/main/Cudy

https://github.com/ZZ2266/.github.io/tree/main/Cudy#steps-to-reproduce

https://vuldb.com/?ctiid.321761

https://vuldb.com/?id.321761

https://vuldb.com/?submit.636138