Russound · Russound Mbx-Pre-D67F · CVE-2025-50475
**Name of the Vulnerable Software and Affected Versions**
Russound MBX-PRE-D67F version 3.1.6
**Description**
An OS command injection issue exists in the network configuration handler, allowing unauthenticated attackers to execute arbitrary commands as root. The vulnerability is due to improper neutralization of special elements used in an OS command. This enables remote code execution with the highest privileges via crafted input to the `hostname` parameter in network configuration requests.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.