PT-2026-39981 · Ruggedcom · Rox Rx1524+10
Published: 2026-05-12 · Updated: 2026-05-12 · CVE-2025-40949
CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
RUGGEDCOM ROX MX5000 versions prior to V2.17.1
RUGGEDCOM ROX MX5000RE versions prior to V2.17.1
RUGGEDCOM ROX RX1400 versions prior to V2.17.1
RUGGEDCOM ROX RX1500 versions prior to V2.17.1
RUGGEDCOM ROX RX1501 versions prior to V2.17.1
RUGGEDCOM ROX RX1510 versions prior to V2.17.1
RUGGEDCOM ROX RX1511 versions prior to V2.17.1
RUGGEDCOM ROX RX1512 versions prior to V2.17.1
RUGGEDCOM ROX RX1524 versions prior to V2.17.1
RUGGEDCOM ROX RX1536 versions prior to V2.17.1
RUGGEDCOM ROX RX5000 versions prior to V2.17.1
Description
Improper sanitization of user-supplied input in the Scheduler functionality of the Web UI allows commands to be injected into the task scheduling backend. This enables an authenticated remote attacker to execute arbitrary commands with root privileges on the underlying operating system.
Recommendations
Update to version V2.17.1 or later for all affected models.
Fix
OS Command Injection
Affected Products
Rox Mx5000
Rox Mx5000Re
Rox Rx1400
Rox Rx1500
Rox Rx1501
Rox Rx1510
Rox Rx1511
Rox Rx1512
Rox Rx1524
Rox Rx1536
Rox Rx5000