CVE-2025-34035

Sažetak

An OS command injection vulnerability exists in EnGenius EnShare Cloud Service version 1.4.11 and earlier. The usbinteract.cgi script fails to properly sanitize user input passed to the path parameter, allowing unauthenticated remote attackers to inject arbitrary shell commands. The injected commands are executed with root privileges, leading to full system compromise.

Reference

https://cxsecurity.com/issue/WLB-2017060050
https://packetstormsecurity.com/files/142792
https://vulncheck.com/advisories/engenius-enshare-iot-gigabit-cloud-service-command-injection
https://www.exploit-db.com/exploits/42114
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5413.php

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

24-06-2025 - 01:15

Objavljeno

24-06-2025 - 01:15