PT-2025-29544 · Samsung · Samsung Wlan Ap Wea453E
Omri Inbar · Published 2025-07-15 · Updated 2025-07-15 · CVE-2025-34068
CVSS v4.0: 9.3 (Critical)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
Samsung WLAN AP WEA453e versions prior to 5.2.4.T1
Description
An unauthenticated remote command execution issue exists due to improper input validation in the “Tech Support” diagnostic functionality. The command1 and command2 POST or GET parameters accept arbitrary shell commands that are executed with root privileges. An attacker can exploit this by crafting a request to inject shell commands, create output files in writable directories, and then access their contents via the download endpoint, leading to complete device compromise without authentication.
Recommendations
Update to version 5.2.4.T1 or later.
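Until affected access points are updated, a defender can at least look for attempts against the parameters named above in proxy, WAF or web-server logs. The script below is an added example written for this page; it is not code from the advisory or from Samsung. It assumes Common Log Format lines, a hypothetical diagnostic path `/techsupport` (the real endpoint path is not given in the advisory), and a few constructed log entries. It flags any request carrying a `command1` or `command2` parameter, and raises the severity when the decoded value contains shell metacharacters that a hostname or IP address handed to a diagnostic tool would never need.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameter names the advisory identifies as being passed to a root shell.
SUSPECT_PARAMS = {"command1", "command2"}

# Characters that chain, substitute or redirect commands in a POSIX shell.
SHELL_META = re.compile(r"[;&|`<>\n]|\$\(|\$\{")

# Common Log Format: client, ident, user, timestamp, request line, status, size.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)$'
)

# Constructed sample log; the /techsupport path is hypothetical, not from the advisory.
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Jul/2025:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.0.2.11 - - [15/Jul/2025:10:00:05 +0000] '
    '"GET /techsupport?command1=ping%20-c%201%20127.0.0.1 HTTP/1.1" 200 128',
    '198.51.100.7 - - [15/Jul/2025:10:00:09 +0000] '
    '"GET /techsupport?command1=ping%20127.0.0.1%3Bid&command2=whoami HTTP/1.1" 200 256',
    '198.51.100.7 - - [15/Jul/2025:10:00:12 +0000] "GET /download?file=out.txt HTTP/1.1" 200 64',
]


def inspect_params(params):
    """Return (severity, hits) for one request's decoded parameters.

    "high"   : a suspect parameter carries shell metacharacters
    "medium" : a suspect parameter is present at all (worth review; the
               endpoint needs no authentication according to the advisory)
    "none"   : nothing of interest
    """
    hits = {}
    severity = "none"
    for name, value in params.items():
        if name not in SUSPECT_PARAMS:
            continue
        if SHELL_META.search(value):
            hits[name] = "shell metacharacters"
            severity = "high"
        else:
            hits[name] = "suspect parameter present"
            if severity == "none":
                severity = "medium"
    return severity, hits


def inspect_request(target, body=""):
    """Decode query-string parameters and, when a proxy/WAF log captured it,
    a form-encoded POST body; parse_qsl handles the percent-decoding."""
    params = dict(parse_qsl(urlsplit(target).query, keep_blank_values=True))
    params.update(parse_qsl(body, keep_blank_values=True))
    return inspect_params(params)


def scan_log(lines):
    """Return one finding per CLF entry whose request touches a suspect parameter."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not CLF; a production pipeline would count these
        severity, hits = inspect_request(m["target"])
        if severity != "none":
            findings.append({
                "client": m["client"],
                "ts": m["ts"],
                "target": m["target"],
                "severity": severity,
                "hits": hits,
            })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['severity']:6} {f['client']:14} {f['ts']}  {f['hits']}")
```

Web-server access logs normally record only the query string, so the POST variant described in the advisory is visible only where a reverse proxy or WAF logs request bodies; `inspect_request` accepts such a body so the same rule can be applied there. Because the metacharacter check is deliberately loose (any one of `; & | \` < > $( ${`), the "medium" tier exists so that plain uses of the parameter are still surfaced for review rather than silently dropped.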
Exploit
Fix
Missing Authentication
OS Command Injection
RCE
Related Identifiers
Affected Products
Samsung Wlan Ap Wea453E