CVE-2025-34035

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-34035
An OS command injection vulnerability exists in EnGenius EnShare Cloud Service version 1.4.11 and earlier. The usbinteract.cgi script fails to properly sanitize user input passed to the path parameter, allowing unauthenticated remote attackers to inject arbitrary shell commands. The injected commands are executed with root privileges, leading to full system compromise.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://cxsecurity.com/issue/WLB-2017060050 Exploit Third Party Advisory
https://packetstormsecurity.com/files/142792 Broken Link
https://vulncheck.com/advisories/engenius-enshare-iot-gigabit-cloud-service Third Party Advisory
https://www.exploit-db.com/exploits/42114 Exploit Third Party Advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5413.php Exploit Third Party Advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5413.php Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:engeniustech:esr300_firmware:1.1.0.28:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr300_firmware:1.3.1.42:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr300_firmware:1.4.0:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr300_firmware:1.4.1.28:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr300_firmware:1.4.2:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr300_firmware:1.4.7:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr300_firmware:1.4.9:*:*:*:*:*:*:*
cpe:2.3:h:engeniustech:esr300:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:o:engeniustech:esr350_firmware:1.1.0.29:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr350_firmware:1.3.1.41:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr350_firmware:1.4.0:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr350_firmware:1.4.2:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr350_firmware:1.4.5:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr350_firmware:1.4.9:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr350_firmware:1.4.11:*:*:*:*:*:*:*
cpe:2.3:h:engeniustech:esr350:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:o:engeniustech:esr600_firmware:1.1.0.50:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr600_firmware:1.2.1.46:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr600_firmware:1.3.1.63:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr600_firmware:1.4.0.23:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr600_firmware:1.4.1:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr600_firmware:1.4.2:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr600_firmware:1.4.3:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr600_firmware:1.4.5:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr600_firmware:1.4.9:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr600_firmware:1.4.11:*:*:*:*:*:*:*
cpe:2.3:h:engeniustech:esr600:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
OR cpe:2.3:o:engeniustech:esr900_firmware:1.1.0:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr900_firmware:1.2.2.23:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr900_firmware:1.3.0:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr900_firmware:1.3.1.26:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr900_firmware:1.3.5.18:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr900_firmware:1.4.0:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr900_firmware:1.4.3:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr900_firmware:1.4.5:*:*:*:*:*:*:*
cpe:2.3:h:engeniustech:esr900:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
OR cpe:2.3:o:engeniustech:esr1200_firmware:1.1.0:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr1200_firmware:1.3.1.34:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr1200_firmware:1.4.1:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr1200_firmware:1.4.3:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr1200_firmware:1.4.5:*:*:*:*:*:*:*
cpe:2.3:h:engeniustech:esr1200:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
OR cpe:2.3:o:engeniustech:esr1750_firmware:1.1.0:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr1750_firmware:1.2.2.27:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr1750_firmware:1.3.0:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr1750_firmware:1.3.1.34:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr1750_firmware:1.4.0:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr1750_firmware:1.4.1:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr1750_firmware:1.4.3:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr1750_firmware:1.4.5:*:*:*:*:*:*:*
cpe:2.3:h:engeniustech:esr1750:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
OR cpe:2.3:o:engeniustech:epg5000_firmware:1.2.0:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:epg5000_firmware:1.3.0:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:epg5000_firmware:1.3.2:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:epg5000_firmware:1.3.3:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:epg5000_firmware:1.3.3.17:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:epg5000_firmware:1.3.7.20:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:epg5000_firmware:1.3.9.21:*:*:*:*:*:*:*
cpe:2.3:h:engeniustech:epg5000:-:*:*:*:*:*:*:*
History

09 Jul 2025, 19:08

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.8
References () https://cxsecurity.com/issue/WLB-2017060050 - () https://cxsecurity.com/issue/WLB-2017060050 - Exploit, Third Party Advisory
References () https://packetstormsecurity.com/files/142792 - () https://packetstormsecurity.com/files/142792 - Broken Link
References () https://vulncheck.com/advisories/engenius-enshare-iot-gigabit-cloud-service - () https://vulncheck.com/advisories/engenius-enshare-iot-gigabit-cloud-service - Third Party Advisory
References () https://www.exploit-db.com/exploits/42114 - () https://www.exploit-db.com/exploits/42114 - Exploit, Third Party Advisory
References () https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5413.php - () https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5413.php - Exploit, Third Party Advisory
First Time Engeniustech esr300
Engeniustech esr350 Firmware
Engeniustech esr300 Firmware
Engeniustech esr900
Engeniustech
Engeniustech esr1200
Engeniustech esr350
Engeniustech esr1750 Firmware
Engeniustech esr1200 Firmware
Engeniustech epg5000
Engeniustech esr900 Firmware
Engeniustech esr600 Firmware
Engeniustech esr600
Engeniustech epg5000 Firmware
Engeniustech esr1750
CPE cpe:2.3:o:engeniustech:esr600_firmware:1.2.1.46:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr1200_firmware:1.3.1.34:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr1750_firmware:1.1.0:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr1750_firmware:1.4.3:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr1750_firmware:1.4.1:*:*:*:*:*:*:*
cpe:2.3:h:engeniustech:esr1200:-:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr300_firmware:1.4.9:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr350_firmware:1.4.11:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr300_firmware:1.4.0:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr900_firmware:1.1.0:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr900_firmware:1.3.0:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr600_firmware:1.4.2:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr900_firmware:1.2.2.23:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr1200_firmware:1.4.5:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr350_firmware:1.4.5:*:*:*:*:*:*:*
cpe:2.3:h:engeniustech:esr900:-:*:*:*:*:*:*:*
cpe:2.3:h:engeniustech:esr600:-:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr300_firmware:1.4.1.28:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr900_firmware:1.3.1.26:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr1200_firmware:1.4.3:*:*:*:*:*:*:*
cpe:2.3:h:engeniustech:esr1750:-:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr900_firmware:1.4.3:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:epg5000_firmware:1.2.0:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr350_firmware:1.4.9:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:epg5000_firmware:1.3.3:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr600_firmware:1.4.3:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr1750_firmware:1.4.5:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr300_firmware:1.3.1.42:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr600_firmware:1.1.0.50:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr300_firmware:1.4.7:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr900_firmware:1.4.5:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr900_firmware:1.3.5.18:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr600_firmware:1.3.1.63:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr900_firmware:1.4.0:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:epg5000_firmware:1.3.2:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr350_firmware:1.4.2:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr600_firmware:1.4.11:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr1200_firmware:1.1.0:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr600_firmware:1.4.0.23:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr600_firmware:1.4.1:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:epg5000_firmware:1.3.0:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr1750_firmware:1.3.0:*:*:*:*:*:*:*
cpe:2.3:h:engeniustech:esr350:-:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr1200_firmware:1.4.1:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:epg5000_firmware:1.3.7.20:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr1750_firmware:1.3.1.34:*:*:*:*:*:*:*
cpe:2.3:h:engeniustech:esr300:-:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr1750_firmware:1.2.2.27:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:epg5000_firmware:1.3.9.21:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr350_firmware:1.1.0.29:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:epg5000_firmware:1.3.3.17:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr300_firmware:1.4.2:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr600_firmware:1.4.5:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr350_firmware:1.4.0:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr600_firmware:1.4.9:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr350_firmware:1.3.1.41:*:*:*:*:*:*:*
cpe:2.3:h:engeniustech:epg5000:-:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr1750_firmware:1.4.0:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr300_firmware:1.1.0.28:*:*:*:*:*:*:*

26 Jun 2025, 18:58

Type Values Removed Values Added
Summary
  • (es) Existe una vulnerabilidad de inyección de comandos del sistema operativo en EnGenius EnShare Cloud Service versión 1.4.11 y anteriores. El script usbinteract.cgi no depura correctamente la entrada del usuario enviada al parámetro path, lo que permite a atacantes remotos no autenticados inyectar comandos de shell arbitrarios. Los comandos inyectados se ejecutan con privilegios de root, lo que compromete por completo el sistema.

24 Jun 2025, 14:15

Type Values Removed Values Added
References () https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5413.php - () https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5413.php -

24 Jun 2025, 03:15

Type Values Removed Values Added
References
  • {'url': 'https://vulncheck.com/advisories/engenius-enshare-iot-gigabit-cloud-service-command-injection', 'source': 'disclosure@vulncheck.com'}
  • () https://vulncheck.com/advisories/engenius-enshare-iot-gigabit-cloud-service -

24 Jun 2025, 01:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-06-24 01:15

Updated : 2025-07-09 19:08

NVD link : CVE-2025-34035

Mitre link : CVE-2025-34035

CVE.ORG link : CVE-2025-34035

JSON object : View

Products Affected

engeniustech

  • esr900
  • esr600
  • esr1750
  • esr1200
  • epg5000
  • esr350
  • esr300_firmware
  • esr300
  • esr350_firmware
  • esr1200_firmware
  • esr900_firmware
  • esr600_firmware
  • epg5000_firmware
  • esr1750_firmware
CWE
CWE-20

Improper Input Validation

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')