CVE-2025-22906

Name of the Vulnerable Software and Affected Versions RE11S version 1.11

Description A command injection issue was discovered via the L2TPUserName parameter at the "/goform/setWAN" API endpoint. This allows for potential command injection attacks.

Recommendations For RE11S version 1.11, as a temporary workaround, consider restricting access to the /goform/setWAN API endpoint until a patch is available. Avoid using the L2TPUserName parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.