fkie_nvd - fkie_cve-2025-11073

FKIE_CVE-2025-11073

Vulnerability from fkie_nvd - Published: 2025-09-27 18:15 - Updated: 2025-09-29 19:34

Severity ?

4.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Summary

A vulnerability was detected in Keyfactor RG-EW5100BE EW_3.0B11P280_EW5100BE-PRO_12183019. The affected element is an unknown function of the file /cgi-bin/luci/api/cmd of the component HTTP POST Request Handler. The manipulation of the argument url results in command injection. The attack can be launched remotely. The exploit is now public and may be used.

References

	URL	Tags
	cna@vuldb.com	https://github.com/s1nec-1o/cve/blob/main/cve-report.md
	cna@vuldb.com	https://github.com/s1nec-1o/cve/blob/main/cve-report.md#poc
	cna@vuldb.com	https://vuldb.com/?ctiid.326113
	cna@vuldb.com	https://vuldb.com/?id.326113
	cna@vuldb.com	https://vuldb.com/?submit.659933

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability was detected in Keyfactor RG-EW5100BE EW_3.0B11P280_EW5100BE-PRO_12183019. The affected element is an unknown function of the file /cgi-bin/luci/api/cmd of the component HTTP POST Request Handler. The manipulation of the argument url results in command injection. The attack can be launched remotely. The exploit is now public and may be used."
    }
  ],
  "id": "CVE-2025-11073",
  "lastModified": "2025-09-29T19:34:10.030",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "MULTIPLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.4,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "cna@vuldb.com",
        "type": "Secondary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 4.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 3.4,
        "source": "cna@vuldb.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 5.1,
          "baseSeverity": "MEDIUM",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "PROOF_OF_CONCEPT",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "HIGH",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "LOW",
          "vulnConfidentialityImpact": "LOW",
          "vulnIntegrityImpact": "LOW",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "cna@vuldb.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-09-27T18:15:36.253",
  "references": [
    {
      "source": "cna@vuldb.com",
      "url": "https://github.com/s1nec-1o/cve/blob/main/cve-report.md"
    },
    {
      "source": "cna@vuldb.com",
      "url": "https://github.com/s1nec-1o/cve/blob/main/cve-report.md#poc"
    },
    {
      "source": "cna@vuldb.com",
      "url": "https://vuldb.com/?ctiid.326113"
    },
    {
      "source": "cna@vuldb.com",
      "url": "https://vuldb.com/?id.326113"
    },
    {
      "source": "cna@vuldb.com",
      "url": "https://vuldb.com/?submit.659933"
    }
  ],
  "sourceIdentifier": "cna@vuldb.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-74"
        },
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "cna@vuldb.com",
      "type": "Secondary"
    }
  ]
}

CVE-2025-11073 (GCVE-0-2025-11073)

Vulnerability from cvelistv5 – Published: 2025-09-27 18:02 – Updated: 2025-09-29 19:29

Title

Keyfactor RG-EW5100BE HTTP POST Request cmd command injection

Summary

Severity ?

5.1 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

4.7 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

4.7 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

CWE

CWE-77 - Command Injection
CWE-74 - Injection

Assigner

VulDB

References

URL

Tags

	https://vuldb.com/?id.326113	vdb-entrytechnical-description
	https://vuldb.com/?ctiid.326113	signaturepermissions-required
	https://vuldb.com/?submit.659933	third-party-advisory
	https://github.com/s1nec-1o/cve/blob/main/cve-report.md	related
	https://github.com/s1nec-1o/cve/blob/main/cve-rep…	exploit

Impacted products

	Vendor	Product	Version
	Keyfactor	RG-EW5100BE	Affected: EW_3.0B11P280_EW5100BE-PRO_12183019

Credits

s1nec (VulDB User)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-11073",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-29T19:29:46.214526Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-29T19:29:55.504Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "HTTP POST Request Handler"
          ],
          "product": "RG-EW5100BE",
          "vendor": "Keyfactor",
          "versions": [
            {
              "status": "affected",
              "version": "EW_3.0B11P280_EW5100BE-PRO_12183019"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "s1nec (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was detected in Keyfactor RG-EW5100BE EW_3.0B11P280_EW5100BE-PRO_12183019. The affected element is an unknown function of the file /cgi-bin/luci/api/cmd of the component HTTP POST Request Handler. The manipulation of the argument url results in command injection. The attack can be launched remotely. The exploit is now public and may be used."
        },
        {
          "lang": "de",
          "value": "Es wurde eine Schwachstelle in Keyfactor RG-EW5100BE EW_3.0B11P280_EW5100BE-PRO_12183019 entdeckt. Betroffen ist eine unbekannte Verarbeitung der Datei /cgi-bin/luci/api/cmd der Komponente HTTP POST Request Handler. Die Manipulation des Arguments url f\u00fchrt zu command injection. Es ist m\u00f6glich, den Angriff aus der Ferne durchzuf\u00fchren. Der Exploit ist \u00f6ffentlich verf\u00fcgbar und k\u00f6nnte genutzt werden."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 5.8,
            "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-74",
              "description": "Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-27T18:02:05.180Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-326113 | Keyfactor RG-EW5100BE HTTP POST Request cmd command injection",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.326113"
        },
        {
          "name": "VDB-326113 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.326113"
        },
        {
          "name": "Submit #659933 | Ruijie RG-EW5100BE - EW_3.0B11P280_EW5100BE-PRO_12183019 -  Command Injection",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.659933"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://github.com/s1nec-1o/cve/blob/main/cve-report.md"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/s1nec-1o/cve/blob/main/cve-report.md#poc"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-09-26T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-09-26T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-09-26T14:54:37.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Keyfactor RG-EW5100BE HTTP POST Request cmd command injection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-11073",
    "datePublished": "2025-09-27T18:02:05.180Z",
    "dateReserved": "2025-09-26T12:49:32.473Z",
    "dateUpdated": "2025-09-29T19:29:55.504Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

FKIE_CVE-2025-11073

CVE-2025-11073 (GCVE-0-2025-11073)

Tags

Sightings

Nomenclature