PT-2025-13672 · Unknown · Fast Lta Silent Brick Webui

Stefan Mettler · Published 2025-03-31 · Updated 2025-04-02 · CVE-2025-2071

CVSS v4.0: 10 (Critical)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P/AU:N/RE:M/U:Amber

Name of the Vulnerable Software and Affected Versions

FAST LTA Silent Brick WebUI versions prior to 2.63.04

Description

A critical OS Command Injection issue has been identified, allowing remote attackers to execute arbitrary operating system commands via specially crafted input. This issue arises due to improper handling of untrusted input, which is passed directly to system-level commands without adequate sanitization or validation. Successful exploitation could allow attackers to execute arbitrary commands on the affected system, potentially resulting in unauthorized access, data leakage, or full system compromise. The affected WebUI parameters are hd and pi.

Recommendations

For versions prior to 2.63.04, update to version 2.63.04 or later to resolve the issue. As a temporary workaround, consider restricting access to the hd and pi parameters in the WebUI to minimize the risk of exploitation.

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers: CVE-2025-2071

Affected Products: Fast Lta Silent Brick Webui