CVE-2025-9576

LOW

seeedstudio ReSpeaker LinkIt7688 - Default Credentials

Title source: llm

Description

A vulnerability was identified in seeedstudio ReSpeaker LinkIt7688. Impacted is an unknown function of the file /etc/shadow of the component Administrative Interface. The manipulation leads to use of default credentials. An attack has to be approached locally. A high degree of complexity is needed for the attack. The exploitability is considered difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

References (5)

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.321690

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.321690

[Third Party Advisory, VDB Entry] https://vuldb.com/?submit.636068

[Exploit, Third Party Advisory] https://github.com/XXRicardo/iot-cve/blob/main/seeedstudio/ramips-openwrt-LinkIt7688.md

[Exploit, Third Party Advisory] https://github.com/XXRicardo/iot-cve/blob/main/seeedstudio/ramips-openwrt-LinkIt7688.md#steps-to-reproduce

View Exploit ZIP pw:eip

Scores

CVSS v3 2.5

EPSS 0.0002

EPSS Percentile 5.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-1392

Status published

Products (1)

seeedstudio/linkit_smart_7688_firmware

Published Aug 28, 2025

Tracked Since Feb 18, 2026