CVE-2025-48415 | THREATINT

Description

A USB backdoor feature can be triggered by attaching a USB drive that contains specially crafted "salia.ini" files. The .ini file can contain several "commands" that could be exploited by an attacker to export or modify the device configuration, enable an SSH backdoor or perform other administrative actions. Ultimately, this backdoor also allows arbitrary execution of OS commands.

PUBLISHED Reserved 2025-05-20 | Published 2025-05-21 | Updated 2025-11-03 | Assigner SEC-VLab

Problem types

CWE-749 Exposed Dangerous Method or Function

Product status

Default status

affected

<=2.2.0

affected

Credits

Stefan Viehböck | SEC Consult Vulnerability Lab finder

References

seclists.org/fulldisclosure/2025/May/23

r.sec-consult.com/echarge third-party-advisory

cve.org (CVE-2025-48415)

nvd.nist.gov (CVE-2025-48415)

Download JSON