CVE-2025-34035

{"id": "CVE-2025-34035", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 10.0, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-06-24T01:15:24.763", "references": [{"url": "https://cxsecurity.com/issue/WLB-2017060050", "tags": ["Exploit", "Third Party Advisory"], "source": "disclosure@vulncheck.com"}, {"url": "https://packetstormsecurity.com/files/142792", "tags": ["Broken Link"], "source": "disclosure@vulncheck.com"}, {"url": "https://vulncheck.com/advisories/engenius-enshare-iot-gigabit-cloud-service", "tags": ["Third Party Advisory"], "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/42114", "tags": ["Exploit", "Third Party Advisory"], "source": "disclosure@vulncheck.com"}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5413.php", "tags": ["Exploit", "Third Party Advisory"], "source": "disclosure@vulncheck.com"}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5413.php", "tags": ["Exploit", "Third Party Advisory"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-78"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "An OS command injection vulnerability exists in EnGenius EnShare Cloud Service version 1.4.11 and earlier. The usbinteract.cgi script fails to properly sanitize user input passed to the path parameter, allowing unauthenticated remote attackers to inject arbitrary shell commands. The injected commands are executed with root privileges, leading to full system compromise.\u00a0Exploitation evidence was observed by the Shadowserver Foundation on 2024-12-05 UTC."}, {"lang": "es", "value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en EnGenius EnShare Cloud Service versi\u00f3n 1.4.11 y anteriores. El script usbinteract.cgi no depura correctamente la entrada del usuario enviada al par\u00e1metro path, lo que permite a atacantes remotos no autenticados inyectar comandos de shell arbitrarios. Los comandos inyectados se ejecutan con privilegios de root, lo que compromete por completo el sistema."}], "lastModified": "2025-11-20T22:15:56.183", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:engeniustech:esr300_firmware:1.1.0.28:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "01334F44-2F36-4809-9087-21B9459FD71E"}, {"criteria": "cpe:2.3:o:engeniustech:esr300_firmware:1.3.1.42:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "915E0D9B-A924-4AE8-B837-57CB4F4ACB22"}, {"criteria": "cpe:2.3:o:engeniustech:esr300_firmware:1.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B9C44CC9-6F20-4B99-AE68-C1E526233DF9"}, {"criteria": "cpe:2.3:o:engeniustech:esr300_firmware:1.4.1.28:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "521FF3A0-8FA4-4A59-B00C-F0DEC4A4E778"}, {"criteria": "cpe:2.3:o:engeniustech:esr300_firmware:1.4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC3398A7-2BBD-4FDC-AA00-196563220F81"}, {"criteria": "cpe:2.3:o:engeniustech:esr300_firmware:1.4.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA1E3718-B4C2-49F4-83BA-4CB05BB5108C"}, {"criteria": "cpe:2.3:o:engeniustech:esr300_firmware:1.4.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FEF34250-F996-403E-9CFC-AC2F9496B9D3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:engeniustech:esr300:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D2FFE521-B6A9-4070-A91B-FDB1BD0FBD46"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:engeniustech:esr350_firmware:1.1.0.29:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "38901E90-6040-48B9-B4BC-B0367DAD2C88"}, {"criteria": "cpe:2.3:o:engeniustech:esr350_firmware:1.3.1.41:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19636B66-7BC4-4BED-B9B0-56B30E196A79"}, {"criteria": "cpe:2.3:o:engeniustech:esr350_firmware:1.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BDEE977B-876B-4870-9F95-58117BB77617"}, {"criteria": "cpe:2.3:o:engeniustech:esr350_firmware:1.4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E9EAE034-F08E-4B1D-A57F-071870F47C10"}, {"criteria": "cpe:2.3:o:engeniustech:esr350_firmware:1.4.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB0400F1-CD4B-4256-BCEB-202495D48F4E"}, {"criteria": "cpe:2.3:o:engeniustech:esr350_firmware:1.4.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9ED2DCF-59BE-4390-9804-AE8BA333BA7F"}, {"criteria": "cpe:2.3:o:engeniustech:esr350_firmware:1.4.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C1D7124D-153D-4DC5-8B74-567A998B6590"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:engeniustech:esr350:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "641FE70C-9DE5-436F-A23F-72A38DB4A282"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:engeniustech:esr600_firmware:1.1.0.50:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E540691D-3D97-49B8-8E20-C962093946CE"}, {"criteria": "cpe:2.3:o:engeniustech:esr600_firmware:1.2.1.46:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9EA691B6-BAC5-4D6A-9AEB-29D9B2539DD1"}, {"criteria": "cpe:2.3:o:engeniustech:esr600_firmware:1.3.1.63:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "90661049-6B4F-4867-A319-AC72B1725B70"}, {"criteria": "cpe:2.3:o:engeniustech:esr600_firmware:1.4.0.23:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "107428B5-06A6-4F4E-B351-4B465D1B83AF"}, {"criteria": "cpe:2.3:o:engeniustech:esr600_firmware:1.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7ACF9999-3B5D-47BB-8C7F-EE8374F202A7"}, {"criteria": "cpe:2.3:o:engeniustech:esr600_firmware:1.4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "56D33DE8-4679-4FF1-90B1-FDCE26760347"}, {"criteria": "cpe:2.3:o:engeniustech:esr600_firmware:1.4.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D65AB145-B93F-4432-9123-78C5A910023C"}, {"criteria": "cpe:2.3:o:engeniustech:esr600_firmware:1.4.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E783F09C-5698-4CA2-88B6-1BA08D854E6B"}, {"criteria": "cpe:2.3:o:engeniustech:esr600_firmware:1.4.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "968F3619-0904-4866-A3BA-DC8973CC3342"}, {"criteria": "cpe:2.3:o:engeniustech:esr600_firmware:1.4.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A64D257F-E3C0-40EB-993B-411779EFC161"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:engeniustech:esr600:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D6FD4A2C-A954-42E1-AA5F-1079DF273FE2"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:engeniustech:esr900_firmware:1.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE33B9D9-C987-4ED4-9074-CB9309428005"}, {"criteria": "cpe:2.3:o:engeniustech:esr900_firmware:1.2.2.23:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "95869E44-9D11-4DD8-A73D-2A1BEEA491C9"}, {"criteria": "cpe:2.3:o:engeniustech:esr900_firmware:1.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6CD2F563-3CF7-4389-814F-0252EE15BA26"}, {"criteria": "cpe:2.3:o:engeniustech:esr900_firmware:1.3.1.26:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F78A7329-9DAA-4DCF-AF4A-3CC463B2BC39"}, {"criteria": "cpe:2.3:o:engeniustech:esr900_firmware:1.3.5.18:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "12AD6D11-7D52-4A3B-8DA5-C1DB68C38760"}, {"criteria": "cpe:2.3:o:engeniustech:esr900_firmware:1.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "537C5026-73D5-4BAC-A373-FC05F2A4A2EA"}, {"criteria": "cpe:2.3:o:engeniustech:esr900_firmware:1.4.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "99F37AD1-9A0F-439B-9D37-EA94346A5A20"}, {"criteria": "cpe:2.3:o:engeniustech:esr900_firmware:1.4.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EEAE5096-DF1D-40EB-B1BB-ECFEBF40E130"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:engeniustech:esr900:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2A260CFC-3B18-4541-806E-94EE562395E2"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:engeniustech:esr1200_firmware:1.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A0EA408E-F053-4246-92B5-B020CCB15413"}, {"criteria": "cpe:2.3:o:engeniustech:esr1200_firmware:1.3.1.34:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "451C1304-51D1-4203-A0B9-48B9D4C74B0A"}, {"criteria": "cpe:2.3:o:engeniustech:esr1200_firmware:1.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6424BADD-EC23-4A33-89CE-8AF72CB18E28"}, {"criteria": "cpe:2.3:o:engeniustech:esr1200_firmware:1.4.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "92865DE7-A769-4E39-9EE0-AA7F2D46534E"}, {"criteria": "cpe:2.3:o:engeniustech:esr1200_firmware:1.4.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C9F8C66F-0E8D-404C-BCA9-F026F95BD7FF"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:engeniustech:esr1200:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5CE751B7-2530-4CBE-A00A-1F8C13F84834"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:engeniustech:esr1750_firmware:1.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D44C246A-DFBB-484D-ABA3-CCA289C6978D"}, {"criteria": "cpe:2.3:o:engeniustech:esr1750_firmware:1.2.2.27:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E33B9DF5-9719-48C1-BE50-FDED6F8FF566"}, {"criteria": "cpe:2.3:o:engeniustech:esr1750_firmware:1.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E1D4CFD-DE05-45B7-ACF7-00C10EF178BD"}, {"criteria": "cpe:2.3:o:engeniustech:esr1750_firmware:1.3.1.34:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F44CDC69-8350-45B3-9769-1C0A284E8FB1"}, {"criteria": "cpe:2.3:o:engeniustech:esr1750_firmware:1.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C18597C4-9AEE-4FAC-9249-CD68AC7C84C9"}, {"criteria": "cpe:2.3:o:engeniustech:esr1750_firmware:1.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EF84C882-9982-4334-8C05-1CA80420E700"}, {"criteria": "cpe:2.3:o:engeniustech:esr1750_firmware:1.4.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66B26B28-E5C4-4F74-84CD-3C8B620997BE"}, {"criteria": "cpe:2.3:o:engeniustech:esr1750_firmware:1.4.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E0113B2-E5DA-493A-8CBF-08CC7C1A34E0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:engeniustech:esr1750:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5CC87617-AB00-416A-BC73-ABBDD4A95AA9"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:engeniustech:epg5000_firmware:1.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C5E0C5F9-8859-483A-A7F5-55809BA3F4AE"}, {"criteria": "cpe:2.3:o:engeniustech:epg5000_firmware:1.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40601E1E-3C80-4BCF-B92A-ACD058097CEB"}, {"criteria": "cpe:2.3:o:engeniustech:epg5000_firmware:1.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40402302-F6EE-4EA1-9925-991437978547"}, {"criteria": "cpe:2.3:o:engeniustech:epg5000_firmware:1.3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A29F0E0C-17AF-4664-B0D5-EB3FD8DF6F1F"}, {"criteria": "cpe:2.3:o:engeniustech:epg5000_firmware:1.3.3.17:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FF9D19CA-343D-4825-903C-7FD013492613"}, {"criteria": "cpe:2.3:o:engeniustech:epg5000_firmware:1.3.7.20:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C5461F8A-9A98-4D99-AF72-FE52CDEE7FF2"}, {"criteria": "cpe:2.3:o:engeniustech:epg5000_firmware:1.3.9.21:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF1E429B-4ED5-497F-926B-F8A876FC6D0D"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:engeniustech:epg5000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5D2D55FB-BF65-4201-9583-07B7C514664D"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "disclosure@vulncheck.com"}