- Description
- The device has two web servers that expose unauthenticated REST APIs on the management network (TCP ports 8084 and 8086). Exploiting OS command injection through these APIs, an attacker can send arbitrary commands that are executed with administrative permissions by the underlying operating system.
- Source
- a6d3dc9e-0591-4a13-bce7-0f5b31ff6158
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 10
- Impact score
- 6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
- a6d3dc9e-0591-4a13-bce7-0f5b31ff6158
- CWE-78
- Hype score
- Not currently trending
CVE-2025-3499 (CVSS:10.0, CRITICAL) is Awaiting Analysis. The device has two web servers that expose unauthenticated REST APIs on the management network (TCP ports 8084 and 8086). https://t.co/NBIbdluNYB #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
14 Jul 2025
CVE-2025-3499 The device has two web servers that expose unauthenticated REST APIs on the management network (TCP ports 8084 and 8086). Exploiting OS command injection through these … https://t.co/9dFyand5Dx
@CVEnew
9 Jul 2025
[CVE-2025-3499: CRITICAL] Device's unauthenticated REST APIs (ports 8084 & 8086) vulnerable to OS command injection. Attackers can send admin-level commands through APIs. #CyberSecurity#cve,CVE-2025-3499,#cybersecurity https://t.co/2V0zS508x5 https://t.co/cCLhzI3y6W
@CveFindCom
9 Jul 2025