10
CVE-2025-34035
- EPSS 7.63%
- Veröffentlicht 24.06.2025 01:15:24
- Zuletzt bearbeitet 20.11.2025 22:15:56
- Quelle disclosure@vulncheck.com
- CVE-Watchlists
- Unerledigt
LoginAn OS command injection vulnerability exists in EnGenius EnShare Cloud Service version 1.4.11 and earlier. The usbinteract.cgi script fails to properly sanitize user input passed to the path parameter, allowing unauthenticated remote attackers to inject arbitrary shell commands. The injected commands are executed with root privileges, leading to full system compromise. Exploitation evidence was observed by the Shadowserver Foundation on 2024-12-05 UTC.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Engeniustech ≫ Esr300 Firmware Version1.1.0.28
Engeniustech ≫ Esr300 Firmware Version1.3.1.42
Engeniustech ≫ Esr300 Firmware Version1.4.0
Engeniustech ≫ Esr300 Firmware Version1.4.1.28
Engeniustech ≫ Esr300 Firmware Version1.4.2
Engeniustech ≫ Esr300 Firmware Version1.4.7
Engeniustech ≫ Esr300 Firmware Version1.4.9
Engeniustech ≫ Esr350 Firmware Version1.1.0.29
Engeniustech ≫ Esr350 Firmware Version1.3.1.41
Engeniustech ≫ Esr350 Firmware Version1.4.0
Engeniustech ≫ Esr350 Firmware Version1.4.2
Engeniustech ≫ Esr350 Firmware Version1.4.5
Engeniustech ≫ Esr350 Firmware Version1.4.9
Engeniustech ≫ Esr350 Firmware Version1.4.11
Engeniustech ≫ Esr600 Firmware Version1.1.0.50
Engeniustech ≫ Esr600 Firmware Version1.2.1.46
Engeniustech ≫ Esr600 Firmware Version1.3.1.63
Engeniustech ≫ Esr600 Firmware Version1.4.0.23
Engeniustech ≫ Esr600 Firmware Version1.4.1
Engeniustech ≫ Esr600 Firmware Version1.4.2
Engeniustech ≫ Esr600 Firmware Version1.4.3
Engeniustech ≫ Esr600 Firmware Version1.4.5
Engeniustech ≫ Esr600 Firmware Version1.4.9
Engeniustech ≫ Esr600 Firmware Version1.4.11
Engeniustech ≫ Esr900 Firmware Version1.1.0
Engeniustech ≫ Esr900 Firmware Version1.2.2.23
Engeniustech ≫ Esr900 Firmware Version1.3.0
Engeniustech ≫ Esr900 Firmware Version1.3.1.26
Engeniustech ≫ Esr900 Firmware Version1.3.5.18
Engeniustech ≫ Esr900 Firmware Version1.4.0
Engeniustech ≫ Esr900 Firmware Version1.4.3
Engeniustech ≫ Esr900 Firmware Version1.4.5
Engeniustech ≫ Esr1200 Firmware Version1.1.0
Engeniustech ≫ Esr1200 Firmware Version1.3.1.34
Engeniustech ≫ Esr1200 Firmware Version1.4.1
Engeniustech ≫ Esr1200 Firmware Version1.4.3
Engeniustech ≫ Esr1200 Firmware Version1.4.5
Engeniustech ≫ Esr1750 Firmware Version1.1.0
Engeniustech ≫ Esr1750 Firmware Version1.2.2.27
Engeniustech ≫ Esr1750 Firmware Version1.3.0
Engeniustech ≫ Esr1750 Firmware Version1.3.1.34
Engeniustech ≫ Esr1750 Firmware Version1.4.0
Engeniustech ≫ Esr1750 Firmware Version1.4.1
Engeniustech ≫ Esr1750 Firmware Version1.4.3
Engeniustech ≫ Esr1750 Firmware Version1.4.5
Engeniustech ≫ Epg5000 Firmware Version1.2.0
Engeniustech ≫ Epg5000 Firmware Version1.3.0
Engeniustech ≫ Epg5000 Firmware Version1.3.2
Engeniustech ≫ Epg5000 Firmware Version1.3.3
Engeniustech ≫ Epg5000 Firmware Version1.3.3.17
Engeniustech ≫ Epg5000 Firmware Version1.3.7.20
Engeniustech ≫ Epg5000 Firmware Version1.3.9.21
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 7.63% | 0.915 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| disclosure@vulncheck.com | 10 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.