PT-2025-26662 · Engenius · Engenius Enshare Cloud Service

Gjoko Krstic · Published 2025-06-24 · Updated 2025-11-17 · CVE-2025-34035

CVSS v4.0: 10 (Critical)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Name of the Vulnerable Software and Affected Versions: EnGenius EnShare Cloud Service versions 1.4.11 and earlier
Description: An OS command injection issue exists due to the usbinteract.cgi script's failure to properly sanitize user input passed to the path parameter. This allows unauthenticated remote attackers to inject arbitrary shell commands, which are executed with root privileges, leading to full system compromise.
Recommendations: For EnGenius EnShare Cloud Service versions 1.4.11 and earlier, consider disabling the usbinteract.cgi script until a patch is available to prevent exploitation. Restrict access to the vulnerable script to minimize the risk of compromise. Avoid using the path parameter in the affected script until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
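
To check whether the script is still reachable and what is being sent to it, the following added example (not part of the original advisory or any vendor tooling) reviews web access logs for requests to usbinteract.cgi and flags path values that are not plain filesystem paths. It assumes common/combined log format and that the parameter arrives in the URL query string; the /cgi-bin/ location, the allowlist and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

SCRIPT_NAME = "usbinteract.cgi"   # script named in the advisory
PARAM = "path"                    # parameter named in the advisory
# Assumption: common/combined log format, request line in the first quoted field.
REQUEST_RE = re.compile(r'^(?P<client>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Assumption: a legitimate value is a plain filesystem path; anything else is flagged.
SAFE_VALUE_RE = re.compile(r"[A-Za-z0-9_./-]*")

def param_values(query):
    """Decode every occurrence of PARAM; split on '&' only so ';' stays in the value."""
    values = []
    for pair in query.split("&"):
        name, _, value = pair.partition("=")
        if unquote_plus(name) == PARAM:
            values.append(unquote_plus(value))
    return values

def classify(line):
    """Return (client, verdict, values) for a request to the script, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if not url.path.lower().endswith("/" + SCRIPT_NAME):
        return None
    values = param_values(url.query)
    if any(not SAFE_VALUE_RE.fullmatch(v) for v in values):
        verdict = "suspicious-path"
    elif values:
        verdict = "plain-path"
    else:
        verdict = "no-path-in-query"   # e.g. a POST body, which access logs do not record
    return m.group("client"), verdict, values

def scan(lines):
    """Classify every log line and keep only requests that reached the script."""
    return [hit for hit in map(classify, lines) if hit is not None]

# Constructed sample log lines (documentation addresses, hypothetical /cgi-bin/ location).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jul/2025:10:00:00 +0000] "GET /cgi-bin/usbinteract.cgi?path=%2Fmnt%2Fusb1 HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jul/2025:10:00:05 +0000] "GET /cgi-bin/usbinteract.cgi?path=%2Fmnt%2Fusb1%3Becho+test HTTP/1.1" 200 17',
    '192.0.2.10 - - [01/Jul/2025:10:00:09 +0000] "GET /index.html HTTP/1.1" 200 1024',
    '198.51.100.4 - - [01/Jul/2025:10:00:12 +0000] "POST /cgi-bin/usbinteract.cgi HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    for client, verdict, values in scan(SAMPLE_LOG):
        print(client, verdict, values)
```

Because the issue is reachable without authentication, every hit is worth reviewing once the script has been disabled or restricted, including the "no-path-in-query" ones where the log cannot show the parameter.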

Exploit

OS Command Injection

RCE

Weakness Enumeration

Related Identifiers: CVE-2025-34035

Affected Products: Engenius Enshare Cloud Service