PT-2025-31647 · Unknown+1 · Ak-Nord Usb-Server-Lxl+1
Marcus Krüppel
·
Published
2025-08-01
·
Updated
2025-08-01
·
CVE-2025-52361
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
AK-Nord USB-Server-LXL Firmware version 0.0.16 Build 2023-03-13
Description
Insecure permissions within the
/etc/init.d/lighttpd script allow a locally authenticated low-privilege user to execute arbitrary commands with root privileges. This is achieved by modifying the script, which is executed with root privileges during system boot and on any interaction.Recommendations
Ensure the
/etc/init.d/lighttpd script has appropriate permissions to prevent unauthorized modification.Fix
Incorrect Default Permissions
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ak-Nord Usb-Server-Lxl
Lighttpd