CVE-2025-6103

Name of the Vulnerable Software and Affected Versions Wifi-soft UniBox Controller versions up to 20250506

Description A critical issue has been found, affecting some unknown functionality of the file /billing/test accesscodelogin.php. The manipulation of the Password argument leads to os command injection. This issue can be exploited remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted about this disclosure but did not respond.

Recommendations For Wifi-soft UniBox Controller versions up to 20250506, as a temporary workaround, consider restricting access to the /billing/test accesscodelogin.php file and avoid using the Password argument in this context until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.