CVE-2025-43879
BaseFortify
Publication date: 2025-06-24
Last updated on: 2025-06-26
Assigner: JPCERT/CC
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an OS command injection issue found in the ELECOM wireless LAN routers WRH-733GBK and WRH-733GWH. It occurs in the miniigd SOAP service, where improper neutralization of special elements allows a remote unauthenticated attacker to send a specially crafted request that can execute arbitrary operating system commands on the affected device. [1]
How can this vulnerability impact me? :
The impact of this vulnerability is severe. A remote unauthenticated attacker can exploit it to execute arbitrary OS commands on the affected device, potentially taking full control of the device. This can lead to unauthorized access, data compromise, disruption of network services, or use of the device as a foothold for further attacks. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves monitoring for unusual or unauthorized OS command executions via the miniigd SOAP service on affected devices (WRH-733GBK and WRH-733GWH). Since the vulnerability allows remote unauthenticated OS command injection, network administrators should look for suspicious SOAP requests or unexpected command execution logs. Specific detection commands are not provided in the resources. However, general approaches include capturing and analyzing network traffic to the SOAP service ports using tools like tcpdump or Wireshark, and checking system logs for abnormal command executions. For example, using tcpdump to capture SOAP traffic: tcpdump -i <interface> port 80 or port 5000 (depending on the SOAP service port). Additionally, monitoring device logs for unexpected commands or behavior is recommended. [1]
What immediate steps should I take to mitigate this vulnerability?
ELECOM no longer supports the affected products WRH-733GBK and WRH-733GWH. The recommended immediate mitigation is to discontinue use of these devices. Since no firmware updates are available, users should replace these devices with supported models. As a workaround, users should restrict network access to the miniigd SOAP service, disable the service if possible, and implement network-level protections such as firewall rules to block unauthorized access. Changing default passwords and limiting remote access can also help reduce risk. [1]