PT-2026-39980 · Ruggedcom · Rox Rx1510+10

Published: 2026-05-12 · Updated: 2026-05-12 · CVE-2025-40947

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

RUGGEDCOM ROX MX5000 versions prior to V2.17.1
RUGGEDCOM ROX MX5000RE versions prior to V2.17.1
RUGGEDCOM ROX RX1400 versions prior to V2.17.1
RUGGEDCOM ROX RX1500 versions prior to V2.17.1
RUGGEDCOM ROX RX1501 versions prior to V2.17.1
RUGGEDCOM ROX RX1510 versions prior to V2.17.1
RUGGEDCOM ROX RX1511 versions prior to V2.17.1
RUGGEDCOM ROX RX1512 versions prior to V2.17.1
RUGGEDCOM ROX RX1524 versions prior to V2.17.1
RUGGEDCOM ROX RX1536 versions prior to V2.17.1
RUGGEDCOM ROX RX5000 versions prior to V2.17.1

Description

Improper sanitization of user-supplied input during the feature key installation process allows an authenticated remote attacker to inject arbitrary commands. This can lead to remote code execution with root privileges on the underlying operating system.

Recommendations

Update to version V2.17.1 or later.

Fix · RCE · OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2025-40947

Affected Products

Rox Mx5000
Rox Mx5000Re
Rox Rx1400
Rox Rx1500
Rox Rx1501
Rox Rx1510
Rox Rx1511
Rox Rx1512
Rox Rx1524
Rox Rx1536
Rox Rx5000