CVE-2025-27804 Information

Description

Several OS command injection vulnerabilities exist in the device firmware in the /var/salia/mqtt.php script. By publishing a specially crafted message to a certain MQTT topic arbitrary OS commands can be executed with root permissions.

Reference

https://r.sec-consult.com/echarge