CVE-2025-29534
BaseFortify

Publication date: 2025-07-28

Last updated on: 2025-07-29

Assigner: MITRE

Description
An authenticated remote code execution vulnerability in PowerStick Wave Dual-Band Wifi Extender V1.0 allows an attacker with valid credentials to execute arbitrary commands with root privileges. The issue stems from insufficient sanitization of user-supplied input in the /cgi-bin/cgi_vista.cgi executable, which is passed to a system-level function call.
Meta Information
Published: 2025-07-28
Last Modified: 2025-07-29
Generated: 2026-05-07
AI Q&A: 2025-07-28
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor: powerstick
Product: wifi_extender
Version / Range: 1.0
CWE ID: CWE-78
Description: The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-29534 is an authenticated remote code execution vulnerability in the PowerStick Wave Dual-Band WiFi Extender version 1.0. It occurs because the device's CGI script at /cgi-bin/cgi_vista.cgi does not properly sanitize user input, specifically the "time_zone" parameter in a JSON payload sent via an HTTP POST request. An attacker with valid credentials can inject malicious commands through this parameter, which are executed with root privileges on the device, allowing full control over it. [1]


How can this vulnerability impact me?

This vulnerability can lead to complete compromise of the affected device. An attacker can execute arbitrary commands with root privileges, potentially intercepting network traffic, deploying malware, or using the device as part of a botnet. This poses significant risks to the confidentiality, integrity, and availability of the device and the network it is connected to. [1]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring for HTTP POST requests to the endpoint /cgi-bin/cgi_vista.cgi on the PowerStick Wave Dual-Band WiFi Extender, specifically looking for suspicious or malformed "time_zone" parameters in the JSON payload for command ID 55. A detection approach could involve capturing and inspecting network traffic to identify such requests. For example, using curl to simulate or detect the exploit attempt: curl -X POST http://<device-ip>/cgi-bin/cgi_vista.cgi -d '{"command":55, "time_zone":";id;"}' -H 'Content-Type: application/json'. Additionally, network intrusion detection systems (NIDS) can be configured to alert on POST requests to /cgi-bin/cgi_vista.cgi containing suspicious command injection patterns in the "time_zone" parameter. [1]
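
The inspection described above can be sketched as follows. This is an added example, not code from the advisory or the vendor. The endpoint, command ID and field name come from the text; the allow-list pattern, the function names and the sample requests are assumptions constructed for illustration.

```python
import json
import re

# Endpoint, command ID and field names are the ones named in the advisory text.
ENDPOINT = "/cgi-bin/cgi_vista.cgi"
COMMAND_ID = 55
# Assumption: a legitimate value is an IANA zone name or a UTC offset,
# e.g. "America/New_York" or "GMT+02:00". Anything else is reported.
SAFE_TZ = re.compile(r"[A-Za-z0-9_+\-/:.]{1,64}")


def inspect_request(method, path, body):
    """Return findings for one captured HTTP request (empty list = nothing to report)."""
    if method.upper() != "POST" or path.split("?", 1)[0] != ENDPOINT:
        return []
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        # Malformed bodies sent to this endpoint are worth a look on their own.
        return ["unparseable JSON body"]
    if not isinstance(doc, dict) or str(doc.get("command")) != str(COMMAND_ID):
        return []
    tz = doc.get("time_zone")
    if tz is None:
        return []
    if not isinstance(tz, str):
        return ["time_zone is not a string: %r" % (tz,)]
    if not SAFE_TZ.fullmatch(tz):
        return ["time_zone outside allow-list: %r" % (tz,)]
    return []


def scan(requests):
    """Return (index, findings) for every request that produced findings."""
    results = [(i, inspect_request(*req)) for i, req in enumerate(requests)]
    return [(i, found) for i, found in results if found]


# Constructed sample traffic; the second body is the value quoted in the text above.
SAMPLE_REQUESTS = [
    ("POST", ENDPOINT, '{"command":55, "time_zone":"America/New_York"}'),
    ("POST", ENDPOINT, '{"command":55, "time_zone":";id;"}'),
    ("GET", "/index.html", ""),
    ("POST", ENDPOINT, '{"command":55, "time_zone":'),
]

if __name__ == "__main__":
    for index, findings in scan(SAMPLE_REQUESTS):
        print(index, findings)
```

An allow-list is used instead of a list of shell metacharacters so that values with newlines, backticks or other separators are reported without having to enumerate them.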


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include changing the default administrator password to a strong, unique password to prevent unauthorized access, replacing the vulnerable device with a more secure alternative if possible, and applying any available firmware updates or patches from the vendor once released. Restricting network access to the device's management interface and monitoring for suspicious activity can also help reduce risk until a patch is applied. [1]

