CNNVD-202509-4044 Information

Sep 26, 2025 cve

CNNVD ID

CNNVD-202509-4044

CVE-2025-11045

CNNVD Published: 2025-09-26

Description (Chinese)

WAYOS LQ是中国维盟（WAYOS）公司的一系列行为管理路由器。 WAYOS多款产品存在命令注入漏洞，该漏洞源于对文件/usb_paswd.asp中参数Name的错误操作，可能导致远程命令注入攻击。以下产品及版本受到影响：WAYOS LQ_04、LQ_05、LQ_06、LQ_07和LQ_09 22.03.17版本。

Description (English)

WAYOS LQ is the router for a series of behavioral management by the China League (WAYOS). There is a command-injecting loophole in the WAYOS multi-product, which results from the error of the parameter name in the file/usb passwd.asp, which could lead to a remote command-injection attack. The following products and versions were affected: WAYOS LQ 04, LQ 05, LQ 06, LQ 07 and LQ 09 22.03.17.

Hazard Level

Medium

Vulnerability Type

命令注入

Affected Vendor

维盟

Published

2025-09-26

Last Modified

2026-02-24

References

https://vuldb.com/?ctiid.326082 https://vuldb.com/?id.326082 https://vuldb.com/?submit.658913 https://vuldb.com/?submit.661153 https://vuldb.com/?submit.661168 https://vuldb.com/?submit.661177 https://vuldb.com/?submit.661178 https://www.yuque.com/yuqueyonghuexlgkz/zepczx/ogyduynf84q89x99?singleDoc https://www.yuque.com/yuqueyonghuexlgkz/zepczx/py3shgm1z88g9xp2?singleDoc https://access.redhat.com/security/cve/cve-2025-11045

Share on: