PT-2026-36808 · 3Onedata · Gw1101-1D(Rs-485)-Tb-P
Jarosław Wawiórko
+1
·
Published
2026-05-04
·
Updated
2026-05-04
·
CVE-2025-13605
CVSS v4.0
9.3
Critical
| Vector | AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
3onedata modbus gateway device model GW1101-1D(RS-485)-TB-P (hardware version V2.2.0) versions prior to 3.0.59B2024080600R4353
Description
Authenticated users can execute arbitrary shell commands with root privileges. This is possible by providing a malicious payload in the "IP address" field of the diagnosis test tools.
Recommendations
Update to firmware version 3.0.59B2024080600R4353.
Fix
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Gw1101-1D(Rs-485)-Tb-P