PT-2025-29565 · Nexxt Solutions · Nexxt Solutions Ncm-X1800 Mesh Router

Vagebondcur

Publicado

2025-07-15

Atualizado

2025-07-15

CVE-2025-52379

CVSS v3.1

5.4

Média

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Nexxt Solutions NCM-X1800 Mesh Router firmware versions prior to UV1.2.7

Description Nexxt Solutions NCM-X1800 Mesh Router firmware contains an authenticated command injection issue in the firmware update feature. The /web/um fileName set.cgi and /web/um web upgrade.cgi API endpoints do not properly sanitize the upgradeFileName parameter. This allows authenticated attackers to execute arbitrary OS commands on the device, potentially leading to remote code execution.

Recommendations Update Nexxt Solutions NCM-X1800 Mesh Router firmware to version UV1.2.7 or later.

Exploit

Correção

RCE

OS Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-78

Identificadores relacionados

CVE-2025-52379

Produtos afetados

Nexxt Solutions Ncm-X1800 Mesh Router

PT-2025-29565 · Nexxt Solutions · Nexxt Solutions Ncm-X1800 Mesh Router

CVE-2025-52379

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6