PT-2025-11457 · Oiwtech · Oiw-2431Apgn-Hp

Havook

Published

2025-03-17

Updated

2025-03-19

CVE-2025-2367

CVSS v2.0

6.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Oiwtech OIW-2431APGN-HP version 2.5.3-B20131128

Description A critical issue has been discovered, affecting the Personal Script Submenu component, specifically the file /boafrm/formScript. This issue leads to os command injection and can be initiated remotely. The vendor was contacted about the disclosure but did not respond.

Recommendations For Oiwtech OIW-2431APGN-HP version 2.5.3-B20131128, as a temporary workaround, consider restricting access to the /boafrm/formScript file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

OS Command Injection

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78CWE-77

Related Identifiers

CVE-2025-2367

Affected Products

Oiw-2431Apgn-Hp

PT-2025-11457 · Oiwtech · Oiw-2431Apgn-Hp

CVE-2025-2367

Weakness Enumeration

Related Identifiers

Affected Products

References · 9