CVE-2025-6560

EUVD-2025-19052 | CRITICAL
Plaintext Storage of a Password (CWE-256)
Published: 2025-06-24
CVSS 3.1: 9.8

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 15, 2026 - 22:36 (vuln.today)
EUVD ID Assigned: Mar 15, 2026 - 22:36 (euvd), EUVD-2025-19052
CVE Published: Jun 24, 2025 - 03:15 (nvd), CRITICAL 9.8

Description (NVD)

Multiple wireless router models from Sapido have an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to directly access a system configuration file and obtain plaintext administrator credentials.

The affected models are out of support; replacing the device is recommended.

Analysis (AI)

CVE-2025-6560 is a critical authentication bypass vulnerability affecting multiple Sapido wireless router models: unauthenticated remote attackers can directly access system configuration files containing plaintext administrator credentials. The affected models are end-of-life products with no vendor patches available. The vulnerability carries a CVSS 9.8 rating, and exploitation activity is likely given the simplicity of the attack vector. Immediate device replacement is the only viable remediation.

Technical Context (AI)

This vulnerability exploits insufficient access controls on configuration file endpoints in Sapido router firmware. The root cause is CWE-256 (Plaintext Storage of a Password), combined with a lack of authentication requirements on sensitive file retrieval mechanisms. Sapido routers typically use web-based management interfaces running on embedded Linux systems; the vulnerability allows direct HTTP/HTTPS requests to configuration file paths (likely /etc/config or similar) without authentication cookies or tokens. The configuration files store administrative credentials in plaintext rather than using cryptographic hashing or salting. The affected product line includes various Sapido models such as RB-WL2500C, RB-WL5520, and other models from their residential/SMB router portfolio. Without access to specific CPE identifiers from vendor advisories, the affected scope likely spans multiple hardware revisions running vulnerable firmware versions across the entire Sapido consumer router lineup.

Remediation (AI)

No patches are available from Sapido for affected models due to end-of-life status. Recommended remediation pathway:

(1) Immediate replacement: Decommission all affected Sapido router models and replace with current-generation, actively-supported router hardware from vendors with ongoing security patching (Cisco, Netgear, TP-Link enterprise lines, Ubiquiti, Fortinet, etc.).

(2) Network isolation (temporary, if replacement delayed): Place affected routers on isolated network segments, disable remote management, disable WAN-side access to management interface, implement network-level filtering to restrict direct access to device management ports.

(3) Credential rotation: Assume all plaintext credentials stored in affected router configuration files have been compromised; reset all passwords on downstream systems and services that may have been accessed through the router.

(4) Monitor for indicators of compromise: Check router access logs and syslog data for unauthorized configuration file requests (HTTP 200 responses to /etc/config or similar paths).

Vendor advisories with specific remediation URLs are not available in the provided description; consult Sapido's support portal or end-of-life product documentation.
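The log check in step (4), as an added example that is not code from vuln.today or Sapido: it scans web access logs for successful configuration-file fetches that were unauthenticated or came from outside the management allowlist. It assumes Common Log Format lines captured by a proxy or sensor in front of the router (the page does not give the router's own log format), uses the page's unconfirmed `/etc/config` as the watch path, and a hypothetical allowlist; the sample lines are constructed.

```python
import ipaddress
import re

# Assumption: watch paths are site-specific. "/etc/config" is the page's own
# unconfirmed guess, not a verified path for any Sapido model.
WATCH_PATHS = ("/etc/config",)
# Assumption: hosts permitted to reach the management interface (hypothetical).
MGMT_ALLOWLIST = [ipaddress.ip_network("192.168.1.10/32")]

# Common Log Format: host ident user [time] "METHOD path PROTO" status size
CLF = re.compile(
    r'^(?P<src>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

def is_allowed(src):
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # hostnames or malformed values are never trusted
    return any(addr in net for net in MGMT_ALLOWLIST)

def suspicious_fetches(lines):
    """Return 200 responses on watched paths that were unauthenticated or off-allowlist."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue
        path = m["path"].split("?", 1)[0]  # ignore any query string
        watched = any(path == p or path.startswith(p + "/") for p in WATCH_PATHS)
        if not watched or m["status"] != "200":
            continue
        if m["user"] == "-" or not is_allowed(m["src"]):
            hits.append({"src": m["src"], "ts": m["ts"], "path": path,
                         "user": m["user"], "bytes": m["size"]})
    return hits

# Constructed sample log lines (documentation and private address ranges).
SAMPLE = [
    '192.168.1.10 - admin [24/Jun/2025:03:20:01 +0000] "GET /etc/config HTTP/1.1" 200 4096',
    '203.0.113.7 - - [24/Jun/2025:03:21:44 +0000] "GET /etc/config HTTP/1.1" 200 4096',
    '203.0.113.7 - - [24/Jun/2025:03:21:50 +0000] "GET /etc/config HTTP/1.1" 401 0',
    '198.51.100.23 - - [24/Jun/2025:03:25:09 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.168.1.10 - - [24/Jun/2025:03:30:12 +0000] "GET /etc/config?x=1 HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    print(*suspicious_fetches(SAMPLE), sep="\n")
```

Any hit means the credentials in that file should be treated as disclosed, which feeds directly into the credential rotation in step (3).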
