CVE-2025-52361 Information
Aug 02, 2025
cve
Description
Insecure permissions in the script /etc/init.d/lighttpd in AK-Nord USB-Server-LXL Firmware v0.0.16 Build 2023-03-13 allows a locally authenticated low-privilege user to execute arbitrary commands with root privilege via editing this script which is executed with root-privileges on any interaction and on every system boot.
Reference
https://seclists.org/fulldisclosure/2025/Jul/20 https://www.ak-nord.de/usbserver-usb–usb-converter–usb-auf-ethernet–usb-to-ethernet–usb-auf-lan–usb-server–usb-konverter–print-server-80.html
Related CNNVD
CNNVD-202508-052 (Published: 2025-08-01)
Share on: