CVE-2025-33024

Name of the Vulnerable Software and Affected Versions: RUGGEDCOM ROX MX5000 versions prior to V2.16.5 RUGGEDCOM ROX MX5000RE versions prior to V2.16.5 RUGGEDCOM ROX RX1400 versions prior to V2.16.5 RUGGEDCOM ROX RX1500 versions prior to V2.16.5 RUGGEDCOM ROX RX1501 versions prior to V2.16.5 RUGGEDCOM ROX RX1510 versions prior to V2.16.5 RUGGEDCOM ROX RX1511 versions prior to V2.16.5 RUGGEDCOM ROX RX1512 versions prior to V2.16.5 RUGGEDCOM ROX RX1524 versions prior to V2.16.5 RUGGEDCOM ROX RX1536 versions prior to V2.16.5 RUGGEDCOM ROX RX5000 versions prior to V2.16.5

Description: A vulnerability has been identified in the tcpdump tool in the web interface of affected devices, which is vulnerable to command injection due to missing server-side input sanitation. This could allow an authenticated remote attacker to execute arbitrary code with root privileges.

Recommendations: For all affected versions, update to version V2.16.5 or later to resolve the issue. As a temporary workaround, consider disabling the tcpdump tool in the web interface until a patch is available. Restrict access to the web interface to minimize the risk of exploitation.