CVE-2025-1036

Name of the Vulnerable Software and Affected Versions TropOS 4th Gen (affected versions not specified)

Description A command injection vulnerability exists in the “Logging” page of the web-based configuration utility. An authenticated user with low privileged network access for the configuration utility can execute arbitrary commands on the underlying OS. This can lead to obtaining root SSH access to the device. The vulnerable page is the “Logging” page, and the vulnerability allows execution of commands on the OS.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.