CVE-2025-6560Plaintext Storage of a Password in Br071n

CWE-256Plaintext Storage of a PasswordCWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources
Severity
9.3CRITICALNVD
EPSS
0.2%
top 54.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
12
Sapido Br071nSapido Br261cSapido Br270n+9 more
Timeline
PublishedJun 24
Latest updateJun 26

Description

Multiple wireless router models from Sapido have an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to directly access a system configuration file and obtain plaintext administrator credentials. The affected models are out of support; replacing the device is recommended.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages12 packages

CVEListV5sapido/br071n0
CVEListV5sapido/br261c0
CVEListV5sapido/br270n0
CVEListV5sapido/br476n0
CVEListV5sapido/brc70n0

🔴Vulnerability Details

2
GHSA
GHSA-cmjf-c5fv-c544: Multiple wireless router models from Sapido have an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to dire2025-06-26
CVEList
Sapido Wireless Router - Exposure of Sensitive Information2025-06-24

📋Vendor Advisories

1
Microsoft
Kernel: io_uring out of boundary memory access in __io_uaddr_map()2023-12-12
CVE-2025-6560 — Plaintext Storage of a Password | cvebase