CVE-2025-41427
BaseFortify
Publication date: 2025-06-24
Last updated on: 2025-06-26
Assigner: JPCERT/CC
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an OS Command Injection issue found in the Connection Diagnostics page of WRC-X3000GS, WRC-X3000GSA, and WRC-X3000GSN devices. It occurs because the system does not properly neutralize special elements in user input, allowing a remote authenticated attacker to send a specially crafted request that can execute arbitrary operating system commands on the affected device.
How can this vulnerability impact me? :
If exploited, this vulnerability can allow an attacker with authentication to execute arbitrary OS commands on the affected device remotely. This can lead to unauthorized control over the device, potentially compromising its integrity, availability, and confidentiality, and may allow further attacks within the network.