PT-2025-14544 · Unknown+1 · Goahead Webservice+1

Published

2025-04-02

Updated

2025-04-05

CVE-2025-29062

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions BL-AC2100 versions <=V1.0.4

Description The issue allows a remote attacker to execute arbitrary code via the time1 and time2 parameters in the set LimitClient cfg of the goahead webservice.

Recommendations For BL-AC2100 versions <=V1.0.4, consider restricting access to the set LimitClient cfg endpoint of the goahead webservice until a patch is available. Avoid using the time1 and time2 parameters in the affected endpoint until the issue is resolved.

Exploit

Fix

RCE

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77

Related Identifiers

CVE-2025-29062

Affected Products

Bl-Ac2100

Goahead Webservice

PT-2025-14544 · Unknown+1 · Goahead Webservice+1

CVE-2025-29062

Weakness Enumeration

Related Identifiers

Affected Products

References · 8