- Description
- An OS command injection vulnerability exists in the OptiLink ONT1GEW GPON router firmware version V2.1.11_X101 Build 1127.190306 and earlier. The router’s web management interface fails to properly sanitize user input in the target_addr parameter of the formTracert and formPing administrative endpoints. An authenticated attacker can inject arbitrary operating system commands, which are executed with root privileges, leading to remote code execution. Successful exploitation enables full compromise of the device.
- Source
- disclosure@vulncheck.com
- NVD status
- Awaiting Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 9.4
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- CRITICAL
- disclosure@vulncheck.com
- CWE-20
- Hype score
- Not currently trending
CVE-2025-34049 OS Command Injection in OptiLink ONT1GEW GPON Router Firmware V2.1.11 and Earlier https://t.co/TtkEK4UokB
@VulmonFeeds
26 Jun 2025
CVE-2025-34049 An OS command injection vulnerability exists in the OptiLink ONT1GEW GPON router firmware version V2.1.11_X101 Build 1127.190306 and earlier. The router’s web managem… https://t.co/RgE9eyoeUa
@CVEnew
26 Jun 2025
[CVE-2025-34049: CRITICAL] Critical OS command injection vulnerability found in OptiLink ONT1GEW GPON router firmware V2.1.11_X101 Build 1127.190306 & prior. Attackers can execute commands with root privileg...#cve,CVE-2025-34049,#cybersecurity https://t.co/GH0OJ59v2l https:/
@CveFindCom
26 Jun 2025