ByteOS Network

NVD Vulnerability Details :

CVE-2025-9725

Analyzed

Source-cna@vuldb.com

Published At-31 Aug, 2025 | 10:15

Updated At-05 Sep, 2025 | 20:48

A vulnerability was identified in Cudy LT500E up to 2.3.12. Affected is an unknown function of the file /squashfs-root/etc/shadow of the component Web Interface. The manipulation leads to use of hard-coded password. The attack must be carried out locally. The attack's complexity is rated as high. The exploitability is told to be difficult. The exploit is publicly available and might be used. Upgrading to version 2.3.13 is able to address this issue. It is recommended to upgrade the affected component. The vendor explains: "[T]he firmware does store a default password of 'admin'. This password has been deprecated since LT500E firmware version 2.3.13 and is no longer used. The LT500E does not have an administrator password set by default; a new password (at least 8 characters ) must be manually created upon first login the web management page."

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	2.0	LOW	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary	3.1	2.5	LOW	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Primary	3.1	8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary	2.0	1.0	LOW	AV:L/AC:H/Au:S/C:P/I:N/A:N

Type: Secondary

Version: 4.0

Base score: 2.0

Base severity: LOW

Vector:

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Secondary

Version: 3.1

Base score: 2.5

Base severity: LOW

Vector:

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Type: Primary

Version: 3.1

Base score: 8.8

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Type: Secondary

Version: 2.0

Base score: 1.0

Base severity: LOW

Vector:

AV:L/AC:H/Au:S/C:P/I:N/A:N

CPE Matches

cudy>>lt500e_firmware>>Versions before 2.3.13(exclusive)

cpe:2.3:o:cudy:lt500e_firmware:*:*:*:*:*:*:*:*

cudy>>lt500e>>-

cpe:2.3:h:cudy:lt500e:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-255	Secondary	cna@vuldb.com
CWE-259	Secondary	cna@vuldb.com
CWE-798	Primary	nvd@nist.gov

CWE ID: CWE-255

Type: Secondary

Source: cna@vuldb.com

CWE ID: CWE-259

Type: Secondary

Source: cna@vuldb.com

CWE ID: CWE-798

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://github.com/XXRicardo/iot-cve/blob/main/CUDY/LT500E-R42-2.3.13.md	cna@vuldb.com	Exploit Third Party Advisory
https://github.com/XXRicardo/iot-cve/blob/main/CUDY/LT500E-R42-2.3.13.md#steps-to-reproduce	cna@vuldb.com	Exploit Third Party Advisory
https://vuldb.com/?ctiid.322014	cna@vuldb.com	Permissions Required VDB Entry
https://vuldb.com/?id.322014	cna@vuldb.com	Third Party Advisory VDB Entry
https://vuldb.com/?submit.639346	cna@vuldb.com	Third Party Advisory VDB Entry
https://github.com/XXRicardo/iot-cve/blob/main/CUDY/LT500E-R42-2.3.13.md	134c704f-9b21-4f2e-91b3-4a467353bcc0	Exploit Third Party Advisory
https://github.com/XXRicardo/iot-cve/blob/main/CUDY/LT500E-R42-2.3.13.md#steps-to-reproduce	134c704f-9b21-4f2e-91b3-4a467353bcc0	Exploit Third Party Advisory