Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

N/A

Source -

N/A

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
0Vulnerabilities found
CVE-2025-34035
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-10||CRITICAL
EPSS-16.24% / 94.56%
||
7 Day CHG+12.63%
Published-24 Jun, 2025 | 01:00
Updated-09 Jul, 2025 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
EnGenius EnShare IoT Gigabit Cloud Service Command Injection

An OS command injection vulnerability exists in EnGenius EnShare Cloud Service version 1.4.11 and earlier. The usbinteract.cgi script fails to properly sanitize user input passed to the path parameter, allowing unauthenticated remote attackers to inject arbitrary shell commands. The injected commands are executed with root privileges, leading to full system compromise.

Action-Not Available
Vendor-engeniustechEnGenius
Product-esr600_firmwareepg5000_firmwareesr350_firmwareesr1750epg5000esr900_firmwareesr300_firmwareesr350esr1750_firmwareesr900esr300esr1200esr1200_firmwareesr600EnShare IoT Gigabit Cloud Service
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')