CNNVD-202506-3020 Information

Jun 24, 2025 cve

CNNVD ID

CNNVD-202506-3020

CVE-2025-34035

CNNVD Published: 2025-06-24

Description (Chinese)

EnGenius EnShare Cloud Service是美国EnGenius公司的一款云端网络管理平台。 EnGenius EnShare Cloud Service 1.4.11及之前版本存在操作系统命令注入漏洞，该漏洞源于usbinteract.cgi脚本中path参数未清理导致OS命令注入攻击。

Description (English)

EnGenius Enshare Cloud Service is a cloud-based network management platform for EnGenius, United States. EnGenius Enshare Cloud Service 1.4.11 and earlier versions had an operational system command leak that originated from the failure to clear the path parameters in the Usbinteract.cgi script, which led to the OS command injection attack.

Hazard Level

Low

Vulnerability Type

操作系统命令注入

Affected Vendor

EnGenius

Published

2025-06-24

Last Modified

2026-02-24

References

https://packetstormsecurity.com/files/142792 https://cxsecurity.com/issue/WLB-2017060050 https://vulncheck.com/advisories/engenius-enshare-iot-gigabit-cloud-service https://www.exploit-db.com/exploits/42114 https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5413.php https://access.redhat.com/security/cve/cve-2025-34035

Share on: