CVE-2025-6560 | THREATINT

Description

Multiple wireless router models from Sapido have an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to directly access a system configuration file and obtain plaintext administrator credentials. The affected models are out of support; replacing the device is recommended.

Reserved 2025-06-24 | Published 2025-06-24 | Updated 2025-06-24 | Assigner twcert

CRITICAL: 9.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-256 Plaintext Storage of a Password

Product status

Default status

unaffected

Any version

affected

Default status

unaffected

Any version

affected

Default status

unaffected

Any version

affected

Default status

unaffected

Any version

affected

Default status

unaffected

Any version

affected

Default status

unaffected

Any version

affected

Default status

unaffected

Any version

affected

Default status

unaffected

Any version

affected

Default status

unaffected

Any version

affected

Default status

unaffected

Any version

affected

Default status

unaffected

Any version

affected

Default status

unaffected

Any version

affected

References

www.twcert.org.tw/tw/cp-132-10197-524ea-1.html third-party-advisory

www.twcert.org.tw/en/cp-139-10198-55217-2.html third-party-advisory

cve.org (CVE-2025-6560)

nvd.nist.gov (CVE-2025-6560)

Download JSON