CVE-2025-27804

Name of the Vulnerable Software and Affected Versions The product name cannot be determined.

Description There are several OS command injection vulnerabilities in the device firmware, specifically in the /var/salia/mqtt.php script. By publishing a specially crafted message to a certain MQTT topic, an attacker can execute arbitrary OS commands with root permissions.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.