CVE-2025-34044
Published: Jun 26, 2025
Modified: Nov 17, 2025
PUBLISHED
Description
A remote command injection vulnerability exists in the confirm.php interface of the WIFISKY 7-layer Flow Control Router via a specially-crafted HTTP GET request to the t parameter. Insufficient input validation allows unauthenticated attackers to execute arbitrary OS commands. Exploitation evidence was observed by the Shadowserver Foundation on 2025-01-25 UTC.
| Vendor | Product | Versions |
|---|---|---|
| Shenzhen Lingkong Technology | WIFISKY 7-layer flow control router | affected 0 |
Weaknesses (CWE)
References
http://www.szwifisky.com/ (product)
https://www.cnvd.org.cn/flaw/show/CNVD-2021-45363 (third-party-advisory)
https://s4e.io/tools/wifisky-7-layer-flow-control-router-remote-code-execution (third-party-advisory)
https://www.variotdbs.pl/vuln/VAR-202107-1715/ (third-party-advisory)
https://vulncheck.com/advisories/wifisky-flow-control-router-rce (third-party-advisory)