PT-2025-29545 · Wepresent · Wepresent Wipg-1000
Matthias Brun
·
Published
2025-07-15
·
Updated
2025-07-15
·
CVE-2025-34103
CVSS v4.0
9.3
Critical
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
WePresent WiPG-1000 versions prior to 2.2.3.0
Description
An unauthenticated command injection issue exists due to improper input handling in the
/cgi-bin/rdfs.cgi endpoint. The Client parameter is not sanitized before being passed to a system call, potentially allowing an unauthenticated remote attacker to execute arbitrary commands as the web server user.Recommendations
Update to version 2.2.3.0 or later.
Exploit
Fix
Missing Authentication
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Wepresent Wipg-1000