Home
LOW: 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:NDefault status
unaffected
0.0.0 (semver) before Firmware v3.2.0
affected
Default status
unaffected
0.0.0 (semver) before Firmware v3.2.0
affected
Default status
unaffected
0.0.0 (semver) before Firmware v3.2.0
affected
Default status
unaffected
0.0 (semver) before Firmware v6.0
affected
Default status
unaffected
0.0 (semver) before Firmware v6.0
affected
Default status
unaffected
0.0 (semver) before Firmware v6.0
affected
Description
A high privileged remote attacker can influence the parameters passed to the openssl command due to improper neutralization of special elements when adding a password protected self-signed certificate.
Problem types
CWE-77:Improper Neutralization of Special Elements used in a Command ('Command Injection')
Product status
0.0.0 (semver) before Firmware v3.2.0
0.0.0 (semver) before Firmware v3.2.0
0.0.0 (semver) before Firmware v3.2.0
0.0 (semver) before Firmware v6.0
0.0 (semver) before Firmware v6.0
0.0 (semver) before Firmware v6.0
Credits
Damian Pfammatter, Daniel Hulliger from Cyber-Defence Campus armasuisse S+T
References
sauter.csaf-tp.certvde.com/...f/white/2025/vde-2025-060.json
Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.
