Description
FastNetMon Community Edition through 1.2.9 contains a configuration injection vulnerability in the Juniper router integration plugin. In src/juniper_plugin/fastnetmon_juniper.php, the $IP_ATTACK variable (received from argv[1]) is directly interpolated into Juniper NETCONF set-configuration commands at lines 69 and 90 without any validation or sanitization. Line 69: $conn->load_set_configuration("set routing-options static route {$IP_ATTACK} community 65535:666 discard"). Line 90: $conn->load_set_configuration("delete routing-options static route {$IP_ATTACK}/32"). An attacker who can control the IP address string can inject additional Juniper CLI configuration commands by embedding newline characters followed by arbitrary set/delete commands. This could modify the router's routing table, firewall filters, user accounts, or any other configuration element accessible via NETCONF. The impact is full router compromise.
Published: 2026-05-26
Score: 8.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

FastNetMon Community Edition versions up to 1.2.9 include a Juniper router integration plug‑in that interpolates an unvalidated string into NETCONF commands. The attacker can supply an IP address containing newline characters followed by arbitrary Juniper CLI statements, allowing the insertion of unconditional configuration changes. This lockstep injection enables the attacker to alter routing tables, firewall filters, user accounts or any other NETCONF‑exposed setting, effectively granting full control over the router in which the plug‑in operates.

Affected Systems

The vulnerability afflicts FastNetMon Community Edition (1.2.9 and earlier) when it is used to manage Juniper routers. Any system running this version of the software in conjunction with a Juniper device is affected; the Juniper router itself is the ultimate target of the injected configuration changes.

Risk and Exploitability

Because the flaw allows arbitrary NETCONF commands to be executed, it poses an extremely high risk of complete device compromise. The CVSS score 8.1 reflects a high severity assessment. The EPSS score is < 1%, and the vulnerability is not currently listed in the CISA KEV catalog, but the lack of validation provides a clear attack vector for an adversary with access to the FastNetMon command line. This combination of high CVSS score and an exposed command interface indicates a high‑severity risk that warrants urgent action.

Generated by OpenCVE AI on May 27, 2026 at 20:55 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade FastNetMon Community Edition to a version that removes the injection vulnerability.
  • If an upgrade is not feasible, disable the Juniper integration plug‑in in the FastNetMon configuration to eliminate the exploitation surface.
  • Restrict NETCONF access on Juniper routers to a closed, whitelisted management network and eliminate any public exposure of the Juniper switch ports used by FastNetMon.

Generated by OpenCVE AI on May 27, 2026 at 20:55 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 27 May 2026 21:15:00 +0000

Type Values Removed Values Added
Title FastNetMon Juniper NETCONF Configuration Injection

Wed, 27 May 2026 16:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-77
CPEs cpe:2.3:a:pavel-odintsov:fastnetmon:*:*:*:*:community:*:*:*

Wed, 27 May 2026 10:30:00 +0000

Type Values Removed Values Added
First Time appeared Pavel-odintsov
Pavel-odintsov fastnetmon
Vendors & Products Pavel-odintsov
Pavel-odintsov fastnetmon

Tue, 26 May 2026 23:00:00 +0000

Type Values Removed Values Added
Title Configuration Injection in FastNetMon Juniper NETCONF Plugin Enables Router Compromise
Weaknesses CWE-20

Tue, 26 May 2026 21:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 26 May 2026 20:15:00 +0000

Type Values Removed Values Added
Title Configuration Injection in FastNetMon Juniper NETCONF Plugin Enables Router Compromise
Weaknesses CWE-20
CWE-78

Tue, 26 May 2026 18:00:00 +0000

Type Values Removed Values Added
Description FastNetMon Community Edition through 1.2.9 contains a configuration injection vulnerability in the Juniper router integration plugin. In src/juniper_plugin/fastnetmon_juniper.php, the $IP_ATTACK variable (received from argv[1]) is directly interpolated into Juniper NETCONF set-configuration commands at lines 69 and 90 without any validation or sanitization. Line 69: $conn->load_set_configuration("set routing-options static route {$IP_ATTACK} community 65535:666 discard"). Line 90: $conn->load_set_configuration("delete routing-options static route {$IP_ATTACK}/32"). An attacker who can control the IP address string can inject additional Juniper CLI configuration commands by embedding newline characters followed by arbitrary set/delete commands. This could modify the router's routing table, firewall filters, user accounts, or any other configuration element accessible via NETCONF. The impact is full router compromise.
References

Subscriptions

Pavel-odintsov Fastnetmon
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-26T20:27:50.669Z

Reserved: 2026-05-22T00:00:00.000Z

Link: CVE-2026-48694

cve-icon Vulnrichment

Updated: 2026-05-26T20:27:37.976Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-26T18:16:52.840

Modified: 2026-05-27T15:53:52.800

Link: CVE-2026-48694

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-27T21:00:14Z

Weaknesses
  • CWE-77

    Improper Neutralization of Special Elements used in a Command ('Command Injection')

  • CWE-78

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')