PT-2026-2351 · Phoenix Contact · Cloud Client 1101T-Tx/Tx+9
Published
2026-01-13
·
Updated
2026-02-05
·
CVE-2025-41717
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
versions prior to 2025-41717
Description
An unauthenticated remote attacker can trick a high privileged user into uploading a malicious payload via the
config-upload endpoint, leading to code injection as root. This results in a total loss of confidentiality, availability and integrity due to improper control of code generation. The vulnerable API endpoint is /config-upload. The attack involves manipulating a high privileged user into uploading a malicious payload. This can lead to root-level code injection.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cloud Client 1101T-Tx/Tx
Tc Cloud Client 1002-4G
Tc Cloud Client 1002-Txtx
Tc Router 2002T-3G
Tc Router 2002T-4G
Tc Router 3002T-3G
Tc Router 3002T-4G
Tc Router 3002T-4G Att
Tc Router 3002T-4G Vzw
Tc Router 5004T-5G Eu