PT-2025-31941 · Firstnum · Firstnum Jc21A-04

Actuator

Published

2025-08-05

Updated

2025-08-05

CVE-2025-43979

Report an issue

CVSS v3.1

7.4

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions:

FIRSTNUM JC21A-04 devices versions through 2.01ME/FN

Description:

An issue allows authenticated attackers to execute arbitrary OS system commands with root privileges via crafted payloads to the `xml action.cgi?method=` endpoint.

Recommendations:

Update FIRSTNUM JC21A-04 devices to a version later than 2.01ME/FN.

Exploit

Fix

OS Command Injection

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2025-43979

Affected Products

Firstnum Jc21A-04

PT-2025-31941 · Firstnum · Firstnum Jc21A-04

Weakness Enumeration

Related Identifiers

Affected Products

References · 4