CVE-2025-50475

Name of the Vulnerable Software and Affected Versions Russound MBX-PRE-D67F version 3.1.6

Description An OS command injection issue exists in the network configuration handler, allowing unauthenticated attackers to execute arbitrary commands as root. The vulnerability is due to improper neutralization of special elements used in an OS command. This enables remote code execution with the highest privileges via crafted input to the hostname parameter in network configuration requests.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.