
Description

An OS command injection vulnerability in Calix GigaCenter ONT (Quantenna SoC modules) allows authenticated attackers with 'super' user credentials to execute arbitrary OS commands through improper input validation, potentially leading to full system compromise. This issue affects GigaCenter ONT: 844E, 844G, 844GE, 854GE.

PUBLISHED Reserved 2025-07-16 | Published 2025-09-09 | Updated 2025-09-12 | Assigner Fluid Attacks




HIGH: 8.5 | CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Product status

Default status
unaffected

844E (custom)
affected

844G (custom)
affected

844GE (custom)
affected

854GE (custom)
affected

References

fluidattacks.com/advisories/bacalao third-party-advisory

www.calix.com product related

revers3everything.com/calix-case-five-0-days-five-cves/ third-party-advisory

cve.org (CVE-2025-54084)

nvd.nist.gov (CVE-2025-54084)
