CVE-2025-9576
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-28

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was identified in seeedstudio ReSpeaker LinkIt7688. Impacted is an unknown function of the file /etc/shadow of the component Administrative Interface. The manipulation leads to use of default credentials. An attack has to be approached locally. A high degree of complexity is needed for the attack. The exploitability is considered difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-28
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2025-08-28
EPSS Evaluated
2026-06-14
NVD
CVE-2025-9576
EUVD
EUVD-2025-28868
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
seeedstudio linkit_smart_7688_firmware *
seeedstudio linkit_smart_7688 *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-NVD-CWE-noinfo
CWE-1392 The product uses default credentials (such as passwords or cryptographic keys) for potentially critical functionality.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability affects the seeedstudio ReSpeaker LinkIt7688 device, specifically its Administrative Interface related to the /etc/shadow file. The issue is that the device uses default credentials with a weak password for the root user account, stored using weak MD5-crypt hashing. This allows attackers with local access to potentially gain unauthorized root access by exploiting these default credentials. The exploit is publicly available but requires a high degree of complexity and local access to the device. [1, 2]

Impact Analysis

Exploiting this vulnerability can lead to unauthorized root access to the affected device, compromising its confidentiality. Since the root password is weak and stored insecurely, an attacker with local access could take control of the device, potentially leading to unauthorized administrative actions. However, remote exploitation is not feasible, and the attack requires significant complexity and local access. [1, 2]

Detection Guidance

This vulnerability can be detected by checking the /etc/shadow file on the seeedstudio ReSpeaker LinkIt7688 device for default or weak credentials, specifically the root account password hashed with MD5-crypt. Using password cracking tools like John the Ripper against the /etc/shadow file can reveal if the default weak password "root" is in use. Commands to extract and test the password hash include: 1) Access the device locally and copy the /etc/shadow file: `cat /etc/shadow` 2) Use John the Ripper to crack the password hash: `john /etc/shadow` This will help identify if the default credentials are still active. [1]

Mitigation Strategies

Immediate mitigation steps include replacing the affected seeedstudio ReSpeaker LinkIt7688 device with an alternative solution, as no official patches or countermeasures have been released. Since the vulnerability requires local access and involves default credentials, restricting physical and local access to the device is critical. Additionally, changing default passwords if possible and disabling or securing the administrative interface can help reduce risk, but the recommended action is to replace the vulnerable product. [2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-9576. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart