CVE-2025-58116 | THREATINT

Description

Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in WN-7D36QR and WN-7D36QR/UE. If this vulnerability is exploited, an arbitrary OS command may be executed by a remote authenticated attacker.

PUBLISHED Reserved 2025-09-10 | Published 2025-09-17 | Updated 2025-09-17 | Assigner jpcert

HIGH: 7.2CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

HIGH: 8.6CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

Improper neutralization of special elements used in an OS command ('OS Command Injection')

Product status

firmware Ver.1.1.3 and prior versions

affected

firmware Ver.1.1.3 and prior versions

affected

References

www.iodata.jp/...ort/information/2025/09_wn-7d36qr/index.htm

jvn.jp/en/vu/JVNVU97490987/

cve.org (CVE-2025-58116)

nvd.nist.gov (CVE-2025-58116)

Download JSON