{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-34029", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2025-04-15T19:15:22.546Z", "datePublished": "2025-06-20T18:38:15.689Z", "dateUpdated": "2025-11-20T21:25:52.458Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["Web Management Interface (syscmd.asp system command interface)"], "product": "Edimax EW-7438RPn Mini", "vendor": "Edimax", "versions": [{"lessThanOrEqual": "1.13", "status": "affected", "version": "0", "versionType": "semver"}]}], "cpeApplicability": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:edimax:ew-7438rpn_mini_v2:*:*:*:*:*:*:*:*", "versionEndIncluding": "1.13", "versionStartIncluding": "0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}], "credits": [{"lang": "en", "type": "finder", "value": "Besim Altinok"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An OS command injection vulnerability exists in the Edimax EW-7438RPn Mini firmware version 1.13 and prior via the syscmd.asp form handler. The /goform/formSysCmd endpoint exposes a system command interface through the sysCmd parameter. A remote authenticated attacker can submit arbitrary shell commands directly, resulting in command execution as the root user. Exploitation evidence was observed by the Shadowserver Foundation on 2024-09-14 UTC."}], "value": "An OS command injection vulnerability exists in the Edimax EW-7438RPn Mini firmware version 1.13 and prior via the syscmd.asp form handler. The /goform/formSysCmd endpoint exposes a system command interface through the sysCmd parameter. A remote authenticated attacker can submit arbitrary shell commands directly, resulting in command execution as the root user.\u00a0Exploitation evidence was observed by the Shadowserver Foundation on 2024-09-14 UTC."}], "impacts": [{"capecId": "CAPEC-88", "descriptions": [{"lang": "en", "value": "CAPEC-88 OS Command Injection"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 9.4, "baseSeverity": "CRITICAL", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2025-11-20T21:25:52.458Z"}, "references": [{"tags": ["product"], "url": "https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/global/wi-fi_range_extenders_n300/ew-7438rpn_mini/"}, {"tags": ["third-party-advisory", "exploit"], "url": "https://www.exploit-db.com/exploits/48377"}, {"tags": ["third-party-advisory"], "url": "https://www.broadcom.com/support/security-center/attacksignatures/detail?asid=32163"}, {"tags": ["third-party-advisory"], "url": "https://vulncheck.com/advisories/edimax-ew-7438rpn-command-injections"}], "source": {"discovery": "UNKNOWN"}, "tags": ["x_known-exploited-vulnerability"], "title": "Edimax EW-7438RPn Mini OS Command Injection via syscmd.asp", "x_generator": {"engine": "vulncheck"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-23T20:41:13.971995Z", "id": "CVE-2025-34029", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-23T20:41:36.630Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-34029", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-06-23T20:41:13.971995Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-23T20:41:23.047Z"}}], "cna": {"tags": ["x_known-exploited-vulnerability"], "title": "Edimax EW-7438RPn Mini OS Command Injection via syscmd.asp", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Besim Altinok"}], "impacts": [{"capecId": "CAPEC-88", "descriptions": [{"lang": "en", "value": "CAPEC-88 OS Command Injection"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.4, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Edimax", "modules": ["Web Management Interface (syscmd.asp system command interface)"], "product": "Edimax EW-7438RPn Mini", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.13"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/global/wi-fi_range_extenders_n300/ew-7438rpn_mini/", "tags": ["product"]}, {"url": "https://www.exploit-db.com/exploits/48377", "tags": ["third-party-advisory", "exploit"]}, {"url": "https://www.broadcom.com/support/security-center/attacksignatures/detail?asid=32163", "tags": ["third-party-advisory"]}, {"url": "https://vulncheck.com/advisories/edimax-ew-7438rpn-command-injections", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "An OS command injection vulnerability exists in the Edimax EW-7438RPn Mini firmware version 1.13 and prior via the syscmd.asp form handler. The /goform/formSysCmd endpoint exposes a system command interface through the sysCmd parameter. A remote authenticated attacker can submit arbitrary shell commands directly, resulting in command execution as the root user.\u00a0Exploitation evidence was observed by the Shadowserver Foundation on 2024-09-14 UTC.", "supportingMedia": [{"type": "text/html", "value": "An OS command injection vulnerability exists in the Edimax EW-7438RPn Mini firmware version 1.13 and prior via the syscmd.asp form handler. The /goform/formSysCmd endpoint exposes a system command interface through the sysCmd parameter. A remote authenticated attacker can submit arbitrary shell commands directly, resulting in command execution as the root user. Exploitation evidence was observed by the Shadowserver Foundation on 2024-09-14 UTC.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:edimax:ew-7438rpn_mini_v2:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "1.13", "versionStartIncluding": "0"}], "operator": "OR"}], "operator": "OR"}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2025-11-20T21:25:52.458Z"}}}, "cveMetadata": {"cveId": "CVE-2025-34029", "state": "PUBLISHED", "dateUpdated": "2025-11-20T21:25:52.458Z", "dateReserved": "2025-04-15T19:15:22.546Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2025-06-20T18:38:15.689Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:edimax:ew-7438rpn_mini_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "82AD0A5F-41F6-480D-AF55-88F0F768B669", "versionEndIncluding": "1.13", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:edimax:ew-7438rpn_mini:-:*:*:*:*:*:*:*", "matchCriteriaId": "883D1C81-1FD3-45CE-B1D8-85E760F4FF14", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An OS command injection vulnerability exists in the Edimax EW-7438RPn Mini firmware version 1.13 and prior via the syscmd.asp form handler. The /goform/formSysCmd endpoint exposes a system command interface through the sysCmd parameter. A remote authenticated attacker can submit arbitrary shell commands directly, resulting in command execution as the root user.\u00a0Exploitation evidence was observed by the Shadowserver Foundation on 2024-09-14 UTC."}, {"lang": "es", "value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en el firmware 1.13 y anteriores del Edimax EW-7438RPn Mini a trav\u00e9s del controlador de formularios syscmd.asp. El endpoint /goform/formSysCmd expone una interfaz de comandos del sistema mediante el par\u00e1metro sysCmd. Un atacante remoto autenticado puede enviar comandos de shell arbitrarios directamente, lo que resulta en la ejecuci\u00f3n del comando como usuario root."}], "id": "CVE-2025-34029", "lastModified": "2025-11-20T22:15:55.260", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.4, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2025-06-20T19:15:37.210", "references": [{"source": "disclosure@vulncheck.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://vulncheck.com/advisories/edimax-ew-7438rpn-command-injections"}, {"source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"], "url": "https://www.broadcom.com/support/security-center/attacksignatures/detail?asid=32163"}, {"source": "disclosure@vulncheck.com", "tags": ["Product"], "url": "https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/global/wi-fi_range_extenders_n300/ew-7438rpn_mini/"}, {"source": "disclosure@vulncheck.com", "tags": ["Exploit", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/48377"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "disclosure@vulncheck.com", "type": "Secondary"}]}

{}

{"created": "2025-06-23T08:20:14.290497+00:00", "updated": "2025-06-23T08:20:14.290612+00:00", "vendors": ["edimax", "edimax$PRODUCT$ew-7438rpn_mini"]}