A remote attacker with administrator account can gain full control of the device due to improper neutralization of special elements used in an OS Command ('OS Command Injection') while uploading a config file via webUI.
References
Link | Resource |
---|---|
https://certvde.com/en/advisories/VDE-2025-030 |
Configurations
No configuration.
History
08 Jul 2025, 16:18
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
07 Jul 2025, 10:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-07-07 10:15
Updated : 2025-07-08 16:18
NVD link : CVE-2025-3626
Mitre link : CVE-2025-3626
CVE.ORG link : CVE-2025-3626
JSON object : View
Products Affected
No product.
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')