CVE-2025-34068

216.73.217.22

· Published 15/07/2025 13:15 · Modified 15/07/2025 20:07

Labels: CVE-2025-34068 2025-07-15 CVE-2025-34068 CWE-20 [email protected]

Essential information

Published: 15/07/2025 13:15
Modified: 15/07/2025 20:07
Author: —
Creator: —
CVSS: 9.3 CRITICAL (v3) 9.3 CRITICAL (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

An unauthenticated remote command execution vulnerability exists in Samsung WLAN AP WEA453e firmware prior to version 5.2.4.T1 via improper input validation in the “Tech Support” diagnostic functionality. The command1 and command2 POST or GET parameters accept arbitrary shell commands that are executed with root privileges on the underlying operating system. An attacker can exploit this by crafting a request that injects shell commands to create output files in writable directories and then access their contents via the download endpoint. This flaw allows complete compromise of the device without authentication.

NVD status

Status: Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
samsung / wlan ap	`cpe:2.3:a:samsung:wlan_ap:<=5.2.4.T1:::::::*`