CVE-2025-58116
BaseFortify
Publication date: 2025-09-17
Last updated on: 2025-09-17
Assigner: JPCERT/CC
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| i-o_data_device | wn-7d36qr/ue | * |
| i-o_data_device | wn-7d36qr | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an OS command injection issue in the Wi-Fi router models WN-7D36QR and WN-7D36QR/UE from I-O DATA DEVICE, INC. It allows a remote authenticated attacker to execute arbitrary operating system commands on the device, potentially taking control or causing harm to the system. [1]
How can this vulnerability impact me?
If exploited, this vulnerability can allow an authenticated attacker to run arbitrary OS commands on the affected router, which could lead to full compromise of the device, disruption of network services, unauthorized access to network resources, and potential further attacks on connected systems. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, users should update their WN-7D36QR and WN-7D36QR/UE devices to the latest firmware version 2.1.3 provided by I-O DATA DEVICE, INC. Firmware downloads and update instructions are available from the vendor. Additionally, contacting I-O DATA's help center for support during business hours is recommended. [1]