Home

Description

An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of improper sanitizing of user input in the Main Web Interface (endpoint tls_iotgen_setting).

PUBLISHED Reserved 2025-04-16 | Published 2025-07-23 | Updated 2025-07-23 | Assigner CERTVDE




HIGH: 8.8CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Product status

Default status
unaffected

V0.0 (semver) before V1.49
affected

Default status
unaffected

V0.0 (semver) before V1.62
affected

Default status
unaffected

V0.0 (semver) before V1.62
affected

Credits

Reid Wightman of Dragos Inc. finder

References

certvde.com/de/advisories/VDE-2025-052

cve.org (CVE-2025-41684)

nvd.nist.gov (CVE-2025-41684)

Download JSON