PT-2025-14379 · Infinxt · Infinxt Iedge 100
Published 2025-04-01 · Updated 2025-04-05 · CVE-2025-26056
CVSS v3.1: 5.4 Medium
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Infinxt iEdge 100 version 2.1.32
Description
A command injection issue exists in the Troubleshoot module's "MTR" functionality due to improper validation of user-supplied input in the mtrIp parameter. This allows an attacker to execute arbitrary operating system commands on the underlying system with the same privileges as the web application process.
Recommendations
For Infinxt iEdge 100 version 2.1.32, consider disabling the "MTR" functionality in the Troubleshoot module until a patch is available to prevent exploitation of the command injection flaw. Restrict access to the mtrIp parameter to minimize the risk of arbitrary command execution.
Exploit
Fix
Command Injection
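The input validation the description says is missing, sketched as an added example; it is not the vendor's code or part of the original advisory. The function names, the `mtr` binary name and the chosen report flags are assumptions, since the page does not describe how the device invokes MTR.

```python
import ipaddress
import re
import subprocess

# Assumption: the target is an IP literal or DNS name, so nothing outside
# this set is ever legitimate. This also rejects IPv6 zone IDs ("%..."),
# whose contents the ipaddress module does not restrict.
_ALLOWED = re.compile(r"[0-9A-Za-z.:-]{1,253}")
# RFC 1123 label: no leading or trailing hyphen, so "-h" cannot pass as a host.
_LABEL = re.compile(r"(?!-)[0-9A-Za-z-]{1,63}(?<!-)")


def validate_mtr_target(value):
    """Return a normalised IP literal or hostname, or raise ValueError."""
    if not isinstance(value, str) or not _ALLOWED.fullmatch(value):
        raise ValueError("target contains characters outside the allowlist")
    try:
        return str(ipaddress.ip_address(value))
    except ValueError:
        pass  # not an IP literal; fall through to the hostname check
    labels = value.rstrip(".").split(".")
    if all(_LABEL.fullmatch(label) for label in labels):
        return value
    raise ValueError("target is neither an IP address nor a hostname")


def build_mtr_argv(raw_target, cycles=3):
    """Build an argument vector; the value is never placed in a shell string."""
    target = validate_mtr_target(raw_target)
    # "--" ends option parsing, so the target cannot be read as an mtr option.
    return ["mtr", "--report", "--report-cycles", str(int(cycles)),
            "--no-dns", "--", target]


def run_mtr(raw_target):
    """Run mtr without a shell and return its report text."""
    result = subprocess.run(build_mtr_argv(raw_target), capture_output=True,
                            text=True, timeout=60, check=False)
    return result.stdout
```

`fullmatch` is used instead of `^...$` anchors because `$` in Python also matches before a trailing newline.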
Weakness Enumeration
Related Identifiers
Affected Products
Infinxt Iedge 100