CVE-2025-43953

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions 2wcom IP-4c version 2.16

Description The web interface allows admin and manager users to execute arbitrary code as root via a ping or traceroute field on the TCP/IP screen. The affected functionality is accessible through the web interface. The vulnerable fields are related to network diagnostics, specifically the ping and traceroute functionalities.

Recommendations Apply a fix that prevents the execution of arbitrary code through the ping or traceroute fields on the TCP/IP screen.

Exploit

Fix

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77

Related Identifiers

CVE-2025-43953

Affected Products

2Wcom Ip-4C

CVE-2025-43953

Weakness Enumeration

Related Identifiers

Affected Products

References · 4