CVE-2025-34103
BaseFortify
Publication date: 2025-07-15
Last updated on: 2025-07-15
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wepresent | wipg-1500 | * |
| wepresent | wipg-2000 | * |
| wepresent | wipg-1000 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an unauthenticated command injection in the WePresent WiPG-1000 device firmware versions prior to 2.2.3.0. It exists in an undocumented CGI script at /cgi-bin/rdfs.cgi, where the Client parameter is not properly sanitized before being passed to a system call. This allows a remote attacker, without needing to authenticate, to inject and execute arbitrary operating system commands on the device as the web server user. [1, 2, 3, 4]
How can this vulnerability impact me? :
Exploitation of this vulnerability allows an unauthenticated remote attacker to execute arbitrary commands on the affected device, potentially leading to full control over the device. This can result in unauthorized access, disruption of device functionality, data compromise, or use of the device as a foothold for further attacks within the network. [2, 4]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending a GET request to the /cgi-bin/rdfs.cgi endpoint and checking for the presence of the string "Follow administrator instructions to enter the complete path" in the response body. For example, using curl: curl -v http://<target-ip>/cgi-bin/rdfs.cgi and inspecting the response for the specific string. Additionally, the Metasploit module includes a check method that performs this detection. No privileged access is required to perform this check. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade the WePresent WiPG-1000 device firmware to version 2.2.3.0 or later, as this version contains the patch that fixes the command injection vulnerability in the /cgi-bin/rdfs.cgi endpoint. Until the upgrade can be performed, restrict network access to the device, especially blocking access to the /cgi-bin/rdfs.cgi endpoint from untrusted networks to prevent exploitation. Monitoring and blocking suspicious POST requests to this endpoint with unusual Client parameter values can also help mitigate risk. [2, 4]