CVE-2025-9725
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-31

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was identified in Cudy LT500E up to 2.3.12. Affected is an unknown function of the file /squashfs-root/etc/shadow of the component Web Interface. The manipulation leads to use of hard-coded password. The attack must be carried out locally. The attack's complexity is rated as high. The exploitability is told to be difficult. The exploit is publicly available and might be used. Upgrading to version 2.3.13 is able to address this issue. It is recommended to upgrade the affected component. The vendor explains: "[T]he firmware does store a default password of 'admin'. This password has been deprecated since LT500E firmware version 2.3.13 and is no longer used. The LT500E does not have an administrator password set by default; a new password (at least 8 characters ) must be manually created upon first login the web management page."
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-31
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2025-08-31
EPSS Evaluated
2026-06-14
NVD
CVE-2025-9725
EUVD
EUVD-2025-26291
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
cudy lt500e_firmware to 2.3.13 (exc)
cudy lt500e *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-259 The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.
CWE-255
CWE-798 The product contains hard-coded credentials, such as a password or cryptographic key.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in the Cudy LT500E router firmware up to version 2.3.12 involves a hard-coded default password 'admin' stored in the device's /squashfs-root/etc/shadow file used by the web interface. The password is weakly hashed and can be decrypted, allowing an attacker with local access to gain unauthorized root access to the router's web interface and network services. The vulnerability requires local access and is difficult to exploit. It is fixed by upgrading to firmware version 2.3.13 or later, where the default password is removed and users must create a new password upon first login. [1, 2]

Impact Analysis

If exploited, this vulnerability allows an attacker with local access to gain unauthorized root access to the router's web interface and other network services by using the default hard-coded password. This can lead to unauthorized control over the device, potentially compromising network security and confidentiality. However, the attack complexity is high and requires local access, limiting the risk to nearby attackers or those with physical or local network access. [1, 2]

Detection Guidance

This vulnerability can be detected by checking if the device is running Cudy LT500E firmware version up to 2.3.12 and if the default password 'admin' is still in use. Since the password is stored in the /squashfs-root/etc/shadow file using MD5-crypt hashing, tools like 'John the Ripper' can be used to attempt to decrypt the password hash to confirm if the default password is present. Commands to extract and test the password hash might include accessing the device locally, extracting the shadow file, and running John the Ripper against it. For example: 1) Access the device shell locally. 2) Extract the /etc/shadow file or its equivalent. 3) Use 'john --format=md5crypt shadowfile' to attempt password cracking. Detection requires local access due to the attack complexity and exploitability. [1, 2]

Mitigation Strategies

The immediate mitigation step is to upgrade the Cudy LT500E router firmware to version 2.3.13 or later, where the default 'admin' password has been deprecated and no administrator password is set by default. After upgrading, ensure that a new administrator password of at least 8 characters is manually created upon first login to the web management interface. This upgrade eliminates the hard-coded password vulnerability and prevents unauthorized access. [2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-9725. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart