PT-2025-26461 · Edimax · Edimax EW-7438RPn Mini

Besim Altinok · Published 2020-04-23 · Updated 2025-06-21 · CVE-2025-34029

CVSS v4.0: 9.4 (Critical)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Name of the Vulnerable Software and Affected Versions: Edimax EW-7438RPn Mini firmware versions 1.13 and prior
Description: A remote authenticated attacker can exploit an OS command injection issue via the syscmd.asp form handler, specifically through the "sysCmd" parameter in the "/goform/formSysCmd" endpoint. This allows the execution of arbitrary shell commands as the root user.
Recommendations: For Edimax EW-7438RPn Mini firmware versions 1.13 and prior, consider disabling access to the "/goform/formSysCmd" endpoint until a patch is available. Restrict the use of the sysCmd parameter in the syscmd.asp form handler to minimize the risk of exploitation.

Weakness Enumeration: OS Command Injection
Related Identifiers: BDU:2025-07601, CVE-2025-34029
Affected Products: Edimax EW-7438RPn Mini