CVE-2025-34035 Information

Description

An OS command injection vulnerability exists in EnGenius EnShare Cloud Service version 1.4.11 and earlier. The usbinteract.cgi script fails to properly sanitize user input passed to the path parameter allowing unauthenticated remote attackers to inject arbitrary shell commands. The injected commands are executed with root privileges leading to full system compromise.

Reference

https://cxsecurity.com/issue/WLB-2017060050 https://packetstormsecurity.com/files/142792 https://vulncheck.com/advisories/engenius-enshare-iot-gigabit-cloud-service https://www.exploit-db.com/exploits/42114 https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5413.php https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5413.php

Related CNNVD

CNNVD-202506-3020 (Published: 2025-06-24)