CVE-2025-2071
OS Command Injection Vulnerability in FAST LTA Silent Brick WebUI
We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
OS Command Injection Vulnerability in FAST LTA Silent Brick WebUI
A critical OS Command Injection vulnerability has been identified in the FAST LTA Silent Brick WebUI, allowing remote attackers to execute arbitrary operating system commands via specially crafted input. This vulnerability arises due to improper handling of untrusted input, which is passed directly to system-level commands without adequate sanitization or validation. Successful exploitation could allow attackers to execute arbitrary commands on the affected system, potentially resulting in unauthorized access, data leakage, or full system compromise. Affected WebUI parameters are "hd" and "pi".
Reserved 2025-03-06 | Published 2025-03-31 | Updated 2025-03-31 | Assigner SEC-VLabCWE-78: Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)
| 2024-12-24: | vulnerability has been identified and reported to the vendor |
| 2025-01-16: | transmission of further technical information to the vendor |
| 2025-01-23: | vulnerability has been confirmed by the vendor and a patch is in progress |
| 2025-03-06: | Vendor patch available |
Stefan Mettler from CRYPTRON Security GmbH
www.fast-lta.de/de/fast/silent-bricks-software-2-63
Support options
