CVE-2025-27494

Name of the Vulnerable Software and Affected Versions SiPass integrated AC5102 (ACC-G2) versions prior to V6.4.9 SiPass integrated ACC-AP versions prior to V6.4.9

Description A vulnerability has been identified where affected devices improperly sanitize input for the "pubkey" endpoint of the REST API. This could allow an authenticated remote administrator to escalate privileges by injecting arbitrary commands that are executed with root privileges.

Recommendations For SiPass integrated AC5102 (ACC-G2) versions prior to V6.4.9, update to version V6.4.9 or later to resolve the issue. For SiPass integrated ACC-AP versions prior to V6.4.9, update to version V6.4.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the "pubkey" endpoint of the REST API to minimize the risk of exploitation.