CNNVD-202512-4846 Information

CNNVD ID

CNNVD-202512-4846

Related CVE

CVE-2025-54322

• CNNVD Published: 2025-12-27

Description (Chinese)

Xspeeder SXZOS是中国神行者（Xspeeder）公司的一个嵌入式网络设备固件。 Xspeeder SXZOS 2025-12-26及之前版本存在安全漏洞，该漏洞源于vLogin.py中chkid参数存在base64编码的Python代码，可能导致远程代码执行。

Description (English)

Xspeder SXZOS is an embedded network device solider of Xspepper. There is a security loophole in Xspeder SXZOS 2025-12-26 and earlier versions, which stems from the fact that the chkid parameter in vLogin.py has a Python code code with a base64 code, which may result in remote code execution.

Hazard Level

Low

Vulnerability Type

其他

Affected Vendor

神行者

Published

2025-12-27

Last Modified

2026-02-24

References

https://www.xspeeder.com https://pwn.ai/blog/cve-2025-54322-zeroday-unauthenticated-root-rce-affecting-70-000-hosts https://access.redhat.com/security/cve/cve-2025-54322