7
CVE-2025-9576
- EPSS 0.2%
- Veröffentlicht 28.08.2025 18:15:34
- Zuletzt bearbeitet 29.04.2026 01:00:01
- Quelle cna@vuldb.com
- CVE-Watchlists
- Unerledigt
Loginseeedstudio ReSpeaker Administrative shadow default credentials
A vulnerability was identified in seeedstudio ReSpeaker LinkIt7688. Impacted is an unknown function of the file /etc/shadow of the component Administrative Interface. The manipulation leads to use of default credentials. An attack has to be approached locally. A high degree of complexity is needed for the attack. The exploitability is considered difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Seeedstudio ≫ Linkit Smart 7688 Firmware Version-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.2% | 0.093 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7 | 1 | 5.9 |
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| cna@vuldb.com | 1.1 | 0 | 0 |
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| cna@vuldb.com | 2.5 | 1 | 1.4 |
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
|
| cna@vuldb.com | 1 | 1.5 | 2.9 |
AV:L/AC:H/Au:S/C:P/I:N/A:N
|
CWE-1392 Use of Default Credentials
The product uses default credentials (such as passwords or cryptographic keys) for potentially critical functionality.
https://github.com/XXRicardo/iot-cve/blob/main/seeedstudio/ramips-openwrt-LinkIt7688.md
https://github.com/XXRicardo/iot-cve/blob/main/seeedstudio/ramips-openwrt-LinkIt7688.md#steps-to-reproduce
https://vuldb.com/?ctiid.321690
https://vuldb.com/?id.321690
https://vuldb.com/?submit.636068