ByteOS Network

NVD Vulnerability Details :

CVE-2025-43978

Awaiting Analysis

Source-cve@mitre.org

Published At-05 Aug, 2025 | 17:15

Updated At-05 Aug, 2025 | 21:06

Jointelli 5G CPE 21H01 firmware JY_21H01_A3_v1.36 devices allow (blind) OS command injection. Multiple endpoints are vulnerable, including /ubus/?flag=set_WPS_pin and /ubus/?flag=netAppStar1 and /ubus/?flag=set_wifi_cfgs. This allows an authenticated attacker to execute arbitrary OS commands with root privileges via crafted inputs to the SSID, WPS, Traceroute, and Ping fields.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	7.4	HIGH	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Type: Secondary

Version: 3.1

Base score: 7.4

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Weaknesses

CWE ID	Type	Source
CWE-78	Secondary	134c704f-9b21-4f2e-91b3-4a467353bcc0

CWE ID: CWE-78

Type: Secondary

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

References

Hyperlink	Source	Resource
https://github.com/actuator/cve/blob/main/Jointelli/CVE-2025-43978.txt	cve@mitre.org	N/A
https://github.com/actuator/cve/tree/main/Jointelli	cve@mitre.org	N/A
https://www.jointelli.com/cpe/5g-cpe-evo-4.html	cve@mitre.org	N/A
https://www.jointelli.com/product/25H01	cve@mitre.org	N/A