
CVE-2025-66261

NVD (NIST)
Published: Nov 26, 2025
Modified: Dec 3, 2025

CVSS score: 9.9
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Source: b7efe717-a805-47cf-8e9a-921fca0ce0ce (Secondary)

Description

Unauthenticated OS command injection in `restore_settings.php` in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows remote code execution because the URL-decoded `name` parameter is passed to `exec()`. The `/var/tdf/restore_settings.php` endpoint passes the user-controlled `$_GET["name"]` parameter through `urldecode()` directly into `exec()` without validation or escaping. Attackers can inject arbitrary shell commands using metacharacters (`;`, `|`, `&&`, etc.) to achieve unauthenticated remote code execution as the web server user.
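
A log-review check for the flaw described above, as an added example that is not part of the CVE record or the vendor's code: it flags requests to `restore_settings.php` whose `name` value, decoded the way the description says the endpoint handles it (PHP's own decoding of `$_GET`, then `urldecode()`), falls outside a filename allowlist. The URL path, the access-log format, the allowlist and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Assumption: a legitimate settings name is a plain file name. The CVE record
# does not say what valid values look like, so tune this allowlist per site.
SAFE_NAME = re.compile(r"[A-Za-z0-9._-]{1,64}")
# Request line of a common/combined-format access log entry (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def name_values(request_target):
    """Return each `name` value as exec() would receive it."""
    parts = urlsplit(request_target)
    if not parts.path.endswith("/restore_settings.php"):
        return []
    # First decode: PHP decodes the query string when it fills $_GET.
    once = parse_qs(parts.query, keep_blank_values=True).get("name", [])
    # Second decode: the endpoint's own urldecode() call, so a value that
    # still looks encoded in the log (%257C) is also normalised here.
    return [unquote_plus(value) for value in once]


def suspicious(line):
    """Return the decoded `name` values in one log line that fail the allowlist."""
    match = REQUEST.search(line)
    if not match:
        return []
    return [v for v in name_values(match.group(1)) if not SAFE_NAME.fullmatch(v)]


def scan(lines):
    """Return (line number, client address, decoded value) for each hit."""
    hits = []
    for number, line in enumerate(lines, 1):
        for value in suspicious(line):
            hits.append((number, line.split()[0], value))
    return hits


# Constructed sample log lines (documentation address ranges, hypothetical path).
SAMPLE_LOG = [
    '192.0.2.10 - - [26/Nov/2025:10:00:01 +0000] "GET /restore_settings.php?name=backup_2025.cfg HTTP/1.1" 200 512',
    '198.51.100.7 - - [26/Nov/2025:10:02:13 +0000] "GET /restore_settings.php?name=backup.cfg%3Bid HTTP/1.1" 200 498',
    '198.51.100.7 - - [26/Nov/2025:10:02:15 +0000] "GET /restore_settings.php?name=backup.cfg%257Cid HTTP/1.1" 200 498',
    '203.0.113.5 - - [26/Nov/2025:10:05:40 +0000] "GET /index.php?name=a%3Bb HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Matching against an allowlist rather than a list of metacharacters keeps the check valid for the "etc." in the description, and the same rule applies to a fix: validate the decoded value before it reaches `exec()`.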

Affected (22)

22 products
Mozart Next 100 Firmware
Mozart Next 1000 Firmware
Mozart Next 2000 Firmware
Mozart Next 30 Firmware
Mozart Next 300 Firmware
Mozart Next 3000 Firmware
Mozart Next 3500 Firmware
Mozart Next 50 Firmware
Mozart Next 500 Firmware
Mozart Next 6000 Firmware
Mozart Next 7000 Firmware
Mozart Dds Next 30 Firmware
Mozart Dds Next 50 Firmware
Mozart Dds Next 100 Firmware
Mozart Dds Next 300 Firmware
Mozart Dds Next 500 Firmware
Mozart Dds Next 1000 Firmware
Mozart Dds Next 2000 Firmware
Mozart Dds Next 3000 Firmware
Mozart Dds Next 3500 Firmware
Mozart Dds Next 6000 Firmware
Mozart Dds Next 7000 Firmware
Configuration A (1 vulnerable · 1 platform): vulnerable software, all versions; running on/with Dbbroadcast Mozart Next 100, all versions
Configuration B (1 vulnerable · 1 platform): vulnerable software, all versions; running on/with Dbbroadcast Mozart Next 1000, all versions
Configuration C (1 vulnerable · 1 platform): vulnerable software, all versions; running on/with Dbbroadcast Mozart Next 2000, all versions
Configuration D (1 vulnerable · 1 platform): vulnerable software, all versions; running on/with Dbbroadcast Mozart Next 30, all versions
Configuration E (1 vulnerable · 1 platform): vulnerable software, all versions; running on/with Dbbroadcast Mozart Next 300, all versions
Configuration F (1 vulnerable · 1 platform): vulnerable software, all versions; running on/with Dbbroadcast Mozart Next 3000, all versions
Configuration G (1 vulnerable · 1 platform): vulnerable software, all versions; running on/with Dbbroadcast Mozart Next 3500, all versions
Configuration H (1 vulnerable · 1 platform): vulnerable software, all versions; running on/with Dbbroadcast Mozart Next 50, all versions
Configuration I (1 vulnerable · 1 platform): vulnerable software, all versions; running on/with Dbbroadcast Mozart Next 500, all versions
Configuration J (1 vulnerable · 1 platform): vulnerable software, all versions; running on/with Dbbroadcast Mozart Next 6000, all versions
Configuration K (1 vulnerable · 1 platform): vulnerable software, all versions; running on/with Dbbroadcast Mozart Next 7000, all versions
Configuration L (1 vulnerable · 1 platform): vulnerable software, all versions; running on/with Dbbroadcast Mozart Dds Next 30, all versions
Configuration M (1 vulnerable · 1 platform): vulnerable software, all versions; running on/with Dbbroadcast Mozart Dds Next 50, all versions
Configuration N (1 vulnerable · 1 platform): vulnerable software, all versions; running on/with Dbbroadcast Mozart Dds Next 100, all versions
Configuration O (1 vulnerable · 1 platform): vulnerable software, all versions; running on/with Dbbroadcast Mozart Dds Next 300, all versions
Configuration P (1 vulnerable · 1 platform): vulnerable software, all versions; running on/with Dbbroadcast Mozart Dds Next 500, all versions
Configuration Q (1 vulnerable · 1 platform): vulnerable software, all versions; running on/with Dbbroadcast Mozart Dds Next 1000, all versions
Configuration R (1 vulnerable · 1 platform): vulnerable software, all versions; running on/with Dbbroadcast Mozart Dds Next 2000, all versions
Configuration S (1 vulnerable · 1 platform): vulnerable software, all versions; running on/with Dbbroadcast Mozart Dds Next 3000, all versions
Configuration T (1 vulnerable · 1 platform): vulnerable software, all versions; running on/with Dbbroadcast Mozart Dds Next 3500, all versions
Configuration U (1 vulnerable · 1 platform): vulnerable software, all versions; running on/with Dbbroadcast Mozart Dds Next 6000, all versions
Configuration V (1 vulnerable · 1 platform): vulnerable software, all versions; running on/with Dbbroadcast Mozart Dds Next 7000, all versions

References (1)

Source: b7efe717-a805-47cf-8e9a-921fca0ce0ce
Tags: Exploit, Third Party Advisory
