CVE-2025-34049

Published 26/06/2025 16:15 · Modified 26/06/2025 18:57

Labels: CVE-2025-34049, 2025-06-26, CWE-20, [email protected]

Essential information

Published: 26/06/2025 16:15
Modified: 26/06/2025 18:57
Author:
Creator:
CVSS: 9.4 CRITICAL (v3), 9.4 CRITICAL (v4.0)
CISA KEV: No
CWE:
CVSS vector:

Description

An OS command injection vulnerability exists in the OptiLink ONT1GEW GPON router firmware version V2.1.11_X101 Build 1127.190306 and earlier. The router’s web management interface fails to properly sanitize user input in the target_addr parameter of the formTracert and formPing administrative endpoints. An authenticated attacker can inject arbitrary operating system commands, which are executed with root privileges, leading to remote code execution. Successful exploitation enables full compromise of the device.

NVD status

Status: Awaiting Analysis — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source: [email protected]

Affected products (CPE)

Product: optilink / ont1gew gpon router
CPE: cpe:2.3:a:optilink:ont1gew_gpon_router:<=2.1.11_x101:*:*:*:*:*:*:*