CVE-2025-2071

216.73.217.22

· Published 31/03/2025 09:15 · Modified 01/04/2025 20:26

Labels: CVE-2025-2071 2025-03-31 551230f0-3615-47bd-b7cc-93e92e730bbf CVE-2025-2071 CWE-78

Essential information

Published: 31/03/2025 09:15
Modified: 01/04/2025 20:26
Author: —
Creator: —
CVSS: 10.0 CRITICAL (v3) 10.0 CRITICAL (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

A critical OS Command Injection vulnerability has been identified in the FAST LTA Silent Brick WebUI, allowing remote attackers to execute arbitrary operating system commands via specially crafted input. This vulnerability arises due to improper handling of untrusted input, which is passed directly to system-level commands without adequate sanitization or validation. Successful exploitation could allow attackers to execute arbitrary commands on the affected system, potentially resulting in unauthorized access, data leakage, or full system compromise. Affected WebUI parameters are "hd" and "pi".

NVD status

Status: Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source: 551230f0-3615-47bd-b7cc-93e92e730bbf
NVD: View on NVD

Affected products (CPE)

Product	CPE
fast lta / silent brick webui	`cpe:2.3:a:fast_lta:silent_brick_webui::::::::`