CVE-2025-6104

Name of the Vulnerable Software and Affected Versions Wifi-soft UniBox Controller versions up to 20250506

Description A critical issue was found in Wifi-soft UniBox Controller, affecting an unknown part of the file /billing/pms check.php. The manipulation of the ipaddress argument leads to os command injection. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.

Recommendations For Wifi-soft UniBox Controller versions up to 20250506, as a temporary workaround, consider restricting access to the /billing/pms check.php file and avoid using the ipaddress argument in this context until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.