CVE-2025-3499

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined.

Description: The device has two web servers that expose unauthenticated REST APIs on the management network, specifically on TCP ports 8084 and 8086. An attacker can exploit OS command injection through these APIs to send arbitrary commands that are executed with administrative permissions by the underlying operating system.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.