CVE-2025-20617

Published Jan 22, 2025

Last updated 3 days ago

CVSS high 7.2

Overview

Description
Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in UD-LT2 firmware Ver.1.00.008_SE and earlier. If an attacker logs in to the affected product with an administrative account and manipulates requests for a certain screen operation, an arbitrary OS command may be executed. This vulnerability was reported on a different screen operation from CVE-2025-26856.
Source
vultures@jpcert.or.jp
NVD status
Awaiting Analysis

Risk scores

CVSS 3.0

Type
Secondary
Base score
7.2
Impact score
5.9
Exploitability score
1.2
Vector string
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

vultures@jpcert.or.jp
CWE-78

Social media

Hype score
Not currently trending

  1. CVE-2025-20617 Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in UD-LT2 firmware Ver.1.00.008_SE and earlier. If this vulner… https://t.co/IYGYU0oI5J

    @CVEnew

    22 Jan 2025

    487 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References