CVE-2025-29534

Published: Jul 28, 2025

Modified: Jul 28, 2025

PUBLISHED

Description

An authenticated remote code execution vulnerability in PowerStick Wave Dual-Band Wifi Extender V1.0 allows an attacker with valid credentials to execute arbitrary commands with root privileges. The issue stems from insufficient sanitization of user-supplied input in the /cgi-bin/cgi_vista.cgi executable, which is passed to a system-level function call.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://wave.com

https://gist.github.com/EmptyButter/19b2c626f4589d1f9d4478632205a9eb

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-29534

Description

Affected Products

References