CVE-2025-34035

UNKNOWN

Published 2025-06-24T01:00:23.862Z

Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2025-34035. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

An OS command injection vulnerability exists in EnGenius EnShare Cloud Service version 1.4.11 and earlier. The usbinteract.cgi script fails to properly sanitize user input passed to the path parameter, allowing unauthenticated remote attackers to inject arbitrary shell commands. The injected commands are executed with root privileges, leading to full system compromise.

Available Exploits

EnGenius EnShare IoT Gigabit Cloud Service 1.4.11 Root Remote Code Execution

An OS command injection vulnerability exists in EnGenius EnShare Cloud Service version 1.4.11 and earlier.The usbinteract.cgi script fails to properly sanitize user input passed to the path parameter, allowing unauthenticated remote attackers to inject arbitrary shell commands.The injected commands are executed with root privileges, leading to full system compromise.

ID: CVE-2025-34035

Author: intelligent-ears Critical

References:

Related News

No news articles found for this CVE.

Affected Products

EnGenius

EnShare IoT Gigabit Cloud Service

Affected Versions:

EU Vulnerability Database

Monitored by ENISA for EU cybersecurity

EU Coordination

EU Coordinated

Exploitation Status

No Known Exploitation

EUVD ID

View on ENISA

ENISA Analysis

Affected Products (ENISA)

engenius

enshare iot gigabit cloud service

ENISA Scoring

CVSS Score (4.0)

10.0

/10

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

EPSS Score

3.610

probability

ENISA References

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5413.php

https://www.exploit-db.com/exploits/42114

https://packetstormsecurity.com/files/142792

https://cxsecurity.com/issue/WLB-2017060050

https://vulncheck.com/advisories/engenius-enshare-iot-gigabit-cloud-service-command-injection

Data provided by ENISA EU Vulnerability Database. Last updated: June 24, 2025

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed CRITICAL

GHSA-xv32-fpqh-v67r

Advisory Details

CVSS Scoring

CVSS Score

9.0

CVSS Vector


                                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2025-34035

WEB https://cxsecurity.com/issue/WLB-2017060050

WEB https://packetstormsecurity.com/files/142792

WEB https://vulncheck.com/advisories/engenius-enshare-iot-gigabit-cloud-service

WEB https://www.exploit-db.com/exploits/42114

WEB https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5413.php

Advisory provided by GitHub Security Advisory Database. Published: June 26, 2025, Modified: July 9, 2025

References

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5413.php

https://www.exploit-db.com/exploits/42114

https://packetstormsecurity.com/files/142792

https://cxsecurity.com/issue/WLB-2017060050

https://vulncheck.com/advisories/engenius-enshare-iot-gigabit-cloud-service

Published: 2025-06-24T01:00:23.862Z

Last Modified: 2025-06-24T13:30:48.459Z

Copied to clipboard!

CVE-2025-34035

Expert Analysis

Description

Available Exploits

EnGenius EnShare IoT Gigabit Cloud Service 1.4.11 Root Remote Code Execution

References:

Related News

Affected Products

EnShare IoT Gigabit Cloud Service

Affected Versions:

EU Vulnerability Database

EU Coordination

Exploitation Status

EUVD ID

ENISA Analysis

Affected Products (ENISA)

ENISA Scoring

CVSS Score (4.0)

EPSS Score

ENISA References

GitHub Security Advisories

Advisory Details

CVSS Scoring

CVSS Score

CVSS Vector

References

References

Request Analysis

What to expect

Request Received!