Wepresent · Wepresent Wipg-1000 · CVE-2025-34103
**Name of the Vulnerable Software and Affected Versions**
WePresent WiPG-1000 versions prior to 2.2.3.0
**Description**
An unauthenticated command injection issue exists due to improper input handling in the `/cgi-bin/rdfs.cgi` endpoint. The `Client` parameter is not sanitized before being passed to a system call, potentially allowing an unauthenticated remote attacker to execute arbitrary commands as the web server user.
**Recommendations**
Update to version 2.2.3.0 or later.