CVE-2025-25053 | THREATINT

Description

OS command injection vulnerability in the WEB UI (the setting page) exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, an arbitrary OS command may be executed by a remote attacker who can log in to the product.

PUBLISHED Reserved 2025-03-24 | Published 2025-04-09 | Updated 2025-04-09 | Assigner jpcert

HIGH: 8.8CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

Improper neutralization of special elements used in an OS command ('OS Command Injection')

Product status

v2.0.03P and earlier

affected

v2.0.03P and earlier

affected

v2.0.03P and earlier

affected

v2.0.03P and earlier

affected

v2.0.03P and earlier

affected

v2.0.03P and earlier

affected

References

www.inaba.co.jp/abaniact/news/security_20250404.pdf

jvn.jp/en/vu/JVNVU93925742/

cve.org (CVE-2025-25053)

nvd.nist.gov (CVE-2025-25053)

Download JSON

help @ threatint.eu