fkie_cve-2025-50475
Vulnerability from fkie_nvd
Published
2025-07-31 15:15
Modified
2025-07-31 18:42
Severity ?
Summary
An OS command injection vulnerability exists in Russound MBX-PRE-D67F firmware version 3.1.6, allowing unauthenticated attackers to execute arbitrary commands as root via crafted input to the hostname parameter in network configuration requests. This vulnerability stems from improper neutralization of special elements used in an OS command within the network configuration handler, enabling remote code execution with the highest privileges.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability exists in Russound MBX-PRE-D67F firmware version 3.1.6, allowing unauthenticated attackers to execute arbitrary commands as root via crafted input to the hostname parameter in network configuration requests. This vulnerability stems from improper neutralization of special elements used in an OS command within the network configuration handler, enabling remote code execution with the highest privileges."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en la versi\u00f3n 3.1.6 del firmware Russound MBX-PRE-D67F, que permite a atacantes no autenticados ejecutar comandos arbitrarios como root mediante una entrada manipulada en el par\u00e1metro hostname en las solicitudes de configuraci\u00f3n de red. Esta vulnerabilidad se deriva de la neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando del sistema operativo dentro del controlador de configuraci\u00f3n de red, lo que permite la ejecuci\u00f3n remota de c\u00f3digo con los privilegios m\u00e1s altos."
}
],
"id": "CVE-2025-50475",
"lastModified": "2025-07-31T18:42:37.870",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-07-31T15:15:36.830",
"references": [
{
"source": "cve@mitre.org",
"url": "https://drive.google.com/file/d/1ZmZHzJKU-nrhFXd9w94aiGXYYYldtmni/view?usp=sharing"
},
{
"source": "cve@mitre.org",
"url": "https://pastebin.com/ic8hkC5V"
},
{
"source": "cve@mitre.org",
"url": "https://pastebin.com/raw/0U6F55G5"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…