Local Password Manipulation Vulnerability in Cudy WR1200EA Router
CVE-2025-9589

2LOW

Key Information:

Vendor

Cudy

Status
Wr1200ea
Vendor
CVE Published:
28 August 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-9589?

A vulnerability has been identified in the Cudy WR1200EA router, specifically affecting version 2.3.7-20250113-121810. This vulnerability is related to an obscure function within the /etc/shadow file, which may allow local attackers to exploit the device by manipulating the system to utilize default passwords. While the complexity of the attack is considered high, the exploit has been publicly disclosed, making it imperative for users to assess and mitigate their device security promptly. Despite early notifications provided to Cudy regarding this issue, there has been no response from the vendor, which emphasizes the urgency for customers to take action.

Affected Version(s)

WR1200EA 2.3.7-20250113-121810

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-9589 - Proof of Concept

References

https://vuldb.com/?id.321761
vdb-entry
https://vuldb.com/?ctiid.321761
signaturepermissions-required
https://vuldb.com/?submit.636138
third-party-advisory

CVSS V4

Score:
2
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

n0ps1ed (VulDB User)
.