CVE-2025-6139
BaseFortify
Publication date: 2025-06-16
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| totolink | t10_firmware | 4.1.8cu.5207_b20210320 |
| totolink | t10 | 2.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-259 | The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components. |
| CWE-255 |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in TOTOLINK T10 version 4.1.8cu.5207, specifically related to some unknown functionality of the file /etc/shadow.sample. It involves the use of a hard-coded password, which can be exploited by an attacker within the local network. The attack is considered difficult to perform and requires high complexity.
How can this vulnerability impact me? :
If exploited, this vulnerability could allow an attacker within the local network to gain unauthorized access by leveraging the hard-coded password. This could potentially lead to unauthorized access or control over the affected device or system, impacting confidentiality, integrity, and availability to a limited extent.