CVE-2025-2071
Published: Mar 31, 2025
Modified: Mar 31, 2025
Description
A critical OS Command Injection vulnerability has been identified in the FAST LTA Silent Brick WebUI, allowing remote attackers to execute arbitrary operating system commands via specially crafted input. This vulnerability arises due to improper handling of untrusted input, which is passed directly to system-level commands without adequate sanitization or validation. Successful exploitation could allow attackers to execute arbitrary commands on the affected system, potentially resulting in unauthorized access, data leakage, or full system compromise. Affected WebUI parameters are "hd" and "pi".
| Vendor | Product | Versions |
|---|---|---|
FAST LTA | FAST LTA Silent Brick WebUI | affected WebUI Release 2.45 (Linux 5.4.109-gentoo-FAST) - < 2.63.04 |
Weaknesses (CWE)
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now