CVE-2025-63213

Name of the Vulnerable Software and Affected Versions QVidium Opera11 version 2.9.0-Ax4x-opera11

Description The QVidium Opera11 device is susceptible to Remote Code Execution (RCE) due to insufficient input validation. The issue resides in the /cgi-bin/net ping.cgi API endpoint. An attacker can send a crafted GET request containing a malicious parameter to inject arbitrary commands. These commands are executed with root privileges, potentially granting the attacker full control over the device.

Recommendations QVidium Opera11 version 2.9.0-Ax4x-opera11: At the moment, there is no information about a newer version that contains a fix for this vulnerability.