← Back

CVE-2025-34035

nvd nistnuclei
Published: Jun 24, 2025Modified: Nov 20, 2025

JSON object

Loading...
10.0
Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Show more
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less
Source: disclosure@vulncheck.com (Secondary)

Description

An OS command injection vulnerability exists in EnGenius EnShare Cloud Service version 1.4.11 and earlier. The usbinteract.cgi script fails to properly sanitize user input passed to the path parameter, allowing unauthenticated remote attackers to inject arbitrary shell commands. The injected commands are executed with root privileges, leading to full system compromise. Exploitation evidence was observed by the Shadowserver Foundation on 2024-12-05 UTC.

Affected (52)

Engeniustech
7 products
Esr300 Firmware
Esr350 Firmware
Esr600 Firmware
Esr900 Firmware
Esr1200 Firmware
Esr1750 Firmware
Epg5000 Firmware
Configuration A
7 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Engeniustech
Esr300 Firmware
Version 1.1.0.28
Esr300 Firmware
Version 1.3.1.42
Esr300 Firmware
Version 1.4.0
Esr300 Firmware
Version 1.4.1.28
Esr300 Firmware
Version 1.4.2
Esr300 Firmware
Version 1.4.7
Esr300 Firmware
Version 1.4.9
Running on/withPlatform Versions
Engeniustech
Esr300
All versions
Configuration B
7 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Engeniustech
Esr350 Firmware
Version 1.1.0.29
Esr350 Firmware
Version 1.3.1.41
Esr350 Firmware
Version 1.4.0
Esr350 Firmware
Version 1.4.11
Esr350 Firmware
Version 1.4.2
Esr350 Firmware
Version 1.4.5
Esr350 Firmware
Version 1.4.9
Running on/withPlatform Versions
Engeniustech
Esr350
All versions
Configuration C
10 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Engeniustech
Esr600 Firmware
Version 1.1.0.50
Esr600 Firmware
Version 1.2.1.46
Esr600 Firmware
Version 1.3.1.63
Esr600 Firmware
Version 1.4.0.23
Esr600 Firmware
Version 1.4.11
Esr600 Firmware
Version 1.4.1
Esr600 Firmware
Version 1.4.2
Esr600 Firmware
Version 1.4.3
Esr600 Firmware
Version 1.4.5
Esr600 Firmware
Version 1.4.9
Running on/withPlatform Versions
Engeniustech
Esr600
All versions
Configuration D
8 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Engeniustech
Esr900 Firmware
Version 1.1.0
Esr900 Firmware
Version 1.2.2.23
Esr900 Firmware
Version 1.3.0
Esr900 Firmware
Version 1.3.1.26
Esr900 Firmware
Version 1.3.5.18
Esr900 Firmware
Version 1.4.0
Esr900 Firmware
Version 1.4.3
Esr900 Firmware
Version 1.4.5
Running on/withPlatform Versions
Engeniustech
Esr900
All versions
Configuration E
5 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Engeniustech
Esr1200 Firmware
Version 1.1.0
Esr1200 Firmware
Version 1.3.1.34
Esr1200 Firmware
Version 1.4.1
Esr1200 Firmware
Version 1.4.3
Esr1200 Firmware
Version 1.4.5
Running on/withPlatform Versions
Engeniustech
Esr1200
All versions
Configuration F
8 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Engeniustech
Esr1750 Firmware
Version 1.1.0
Esr1750 Firmware
Version 1.2.2.27
Esr1750 Firmware
Version 1.3.0
Esr1750 Firmware
Version 1.3.1.34
Esr1750 Firmware
Version 1.4.0
Esr1750 Firmware
Version 1.4.1
Esr1750 Firmware
Version 1.4.3
Esr1750 Firmware
Version 1.4.5
Running on/withPlatform Versions
Engeniustech
Esr1750
All versions
Configuration G
7 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Engeniustech
Epg5000 Firmware
Version 1.2.0
Epg5000 Firmware
Version 1.3.0
Epg5000 Firmware
Version 1.3.2
Epg5000 Firmware
Version 1.3.3.17
Epg5000 Firmware
Version 1.3.3
Epg5000 Firmware
Version 1.3.7.20
Epg5000 Firmware
Version 1.3.9.21
Running on/withPlatform Versions
Engeniustech
Epg5000
All versions

Related CWEs

CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (6)

Source: disclosure@vulncheck.com
ExploitThird Party Advisory
Source: disclosure@vulncheck.com
Broken Link
Source: disclosure@vulncheck.com
Third Party Advisory
Source: disclosure@vulncheck.com
ExploitThird Party Advisory
Source: disclosure@vulncheck.com
ExploitThird Party Advisory
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
ExploitThird Party Advisory

Timeline

No history available yet.