CVE-2025-34035

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-34035
An OS command injection vulnerability exists in EnGenius EnShare Cloud Service version 1.4.11 and earlier. The usbinteract.cgi script fails to properly sanitize user input passed to the path parameter, allowing unauthenticated remote attackers to inject arbitrary shell commands. The injected commands are executed with root privileges, leading to full system compromise.

9.8 /10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://cxsecurity.com/issue/WLB-2017060050 Exploit Third Party Advisory
https://packetstormsecurity.com/files/142792 Broken Link
https://vulncheck.com/advisories/engenius-enshare-iot-gigabit-cloud-service Third Party Advisory
https://www.exploit-db.com/exploits/42114 Exploit Third Party Advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5413.php Exploit Third Party Advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5413.php Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:engeniustech:esr300_firmware:1.1.0.28:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr300_firmware:1.3.1.42:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr300_firmware:1.4.0:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr300_firmware:1.4.1.28:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr300_firmware:1.4.2:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr300_firmware:1.4.7:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr300_firmware:1.4.9:*:*:*:*:*:*:*
cpe:2.3:h:engeniustech:esr300:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:o:engeniustech:esr350_firmware:1.1.0.29:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr350_firmware:1.3.1.41:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr350_firmware:1.4.0:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr350_firmware:1.4.2:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr350_firmware:1.4.5:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr350_firmware:1.4.9:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr350_firmware:1.4.11:*:*:*:*:*:*:*
cpe:2.3:h:engeniustech:esr350:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:o:engeniustech:esr600_firmware:1.1.0.50:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr600_firmware:1.2.1.46:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr600_firmware:1.3.1.63:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr600_firmware:1.4.0.23:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr600_firmware:1.4.1:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr600_firmware:1.4.2:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr600_firmware:1.4.3:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr600_firmware:1.4.5:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr600_firmware:1.4.9:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr600_firmware:1.4.11:*:*:*:*:*:*:*
cpe:2.3:h:engeniustech:esr600:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
OR cpe:2.3:o:engeniustech:esr900_firmware:1.1.0:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr900_firmware:1.2.2.23:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr900_firmware:1.3.0:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr900_firmware:1.3.1.26:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr900_firmware:1.3.5.18:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr900_firmware:1.4.0:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr900_firmware:1.4.3:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr900_firmware:1.4.5:*:*:*:*:*:*:*
cpe:2.3:h:engeniustech:esr900:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
OR cpe:2.3:o:engeniustech:esr1200_firmware:1.1.0:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr1200_firmware:1.3.1.34:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr1200_firmware:1.4.1:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr1200_firmware:1.4.3:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr1200_firmware:1.4.5:*:*:*:*:*:*:*
cpe:2.3:h:engeniustech:esr1200:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
OR cpe:2.3:o:engeniustech:esr1750_firmware:1.1.0:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr1750_firmware:1.2.2.27:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr1750_firmware:1.3.0:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr1750_firmware:1.3.1.34:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr1750_firmware:1.4.0:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr1750_firmware:1.4.1:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr1750_firmware:1.4.3:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr1750_firmware:1.4.5:*:*:*:*:*:*:*
cpe:2.3:h:engeniustech:esr1750:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
OR cpe:2.3:o:engeniustech:epg5000_firmware:1.2.0:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:epg5000_firmware:1.3.0:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:epg5000_firmware:1.3.2:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:epg5000_firmware:1.3.3:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:epg5000_firmware:1.3.3.17:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:epg5000_firmware:1.3.7.20:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:epg5000_firmware:1.3.9.21:*:*:*:*:*:*:*
cpe:2.3:h:engeniustech:epg5000:-:*:*:*:*:*:*:*
History

09 Jul 2025, 19:08

Type Values Removed Values Added
References () https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5413.php - () https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5413.php - Exploit, Third Party Advisory
References () https://cxsecurity.com/issue/WLB-2017060050 - () https://cxsecurity.com/issue/WLB-2017060050 - Exploit, Third Party Advisory
References () https://www.exploit-db.com/exploits/42114 - () https://www.exploit-db.com/exploits/42114 - Exploit, Third Party Advisory
References () https://vulncheck.com/advisories/engenius-enshare-iot-gigabit-cloud-service - () https://vulncheck.com/advisories/engenius-enshare-iot-gigabit-cloud-service - Third Party Advisory
References () https://packetstormsecurity.com/files/142792 - () https://packetstormsecurity.com/files/142792 - Broken Link
First Time Engeniustech epg5000
Engeniustech esr900
Engeniustech esr600 Firmware
Engeniustech esr1750 Firmware
Engeniustech esr350 Firmware
Engeniustech esr350
Engeniustech esr300
Engeniustech esr600
Engeniustech esr1200
Engeniustech esr1750
Engeniustech epg5000 Firmware
Engeniustech esr300 Firmware
Engeniustech esr900 Firmware
Engeniustech esr1200 Firmware
Engeniustech
CPE cpe:2.3:o:engeniustech:esr600_firmware:1.4.5:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:epg5000_firmware:1.3.7.20:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr300_firmware:1.4.9:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr350_firmware:1.4.9:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr1750_firmware:1.3.0:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr600_firmware:1.4.9:*:*:*:*:*:*:*
cpe:2.3:h:engeniustech:esr350:-:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr600_firmware:1.4.0.23:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr1750_firmware:1.4.1:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr1750_firmware:1.4.0:*:*:*:*:*:*:*
cpe:2.3:h:engeniustech:esr600:-:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr300_firmware:1.4.0:*:*:*:*:*:*:*
cpe:2.3:h:engeniustech:epg5000:-:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr900_firmware:1.4.5:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:epg5000_firmware:1.3.0:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr300_firmware:1.4.7:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr350_firmware:1.1.0.29:*:*:*:*:*:*:*
cpe:2.3:h:engeniustech:esr1750:-:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr350_firmware:1.4.5:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr1750_firmware:1.2.2.27:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr1750_firmware:1.3.1.34:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr300_firmware:1.4.2:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:epg5000_firmware:1.2.0:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr1200_firmware:1.1.0:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:epg5000_firmware:1.3.3.17:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr300_firmware:1.4.1.28:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr900_firmware:1.4.0:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr900_firmware:1.3.0:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr350_firmware:1.4.2:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr1200_firmware:1.4.1:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr350_firmware:1.4.11:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:epg5000_firmware:1.3.3:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr600_firmware:1.4.2:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr600_firmware:1.4.3:*:*:*:*:*:*:*
cpe:2.3:h:engeniustech:esr300:-:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr600_firmware:1.2.1.46:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr1200_firmware:1.3.1.34:*:*:*:*:*:*:*
cpe:2.3:h:engeniustech:esr900:-:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr900_firmware:1.2.2.23:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr900_firmware:1.4.3:*:*:*:*:*:*:*
cpe:2.3:h:engeniustech:esr1200:-:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:epg5000_firmware:1.3.2:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr1750_firmware:1.4.5:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr350_firmware:1.3.1.41:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr900_firmware:1.3.1.26:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr600_firmware:1.4.1:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr600_firmware:1.4.11:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr350_firmware:1.4.0:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr900_firmware:1.1.0:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr1200_firmware:1.4.5:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr900_firmware:1.3.5.18:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:epg5000_firmware:1.3.9.21:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr1750_firmware:1.1.0:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr300_firmware:1.3.1.42:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr600_firmware:1.1.0.50:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr600_firmware:1.3.1.63:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr300_firmware:1.1.0.28:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr1750_firmware:1.4.3:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr1200_firmware:1.4.3:*:*:*:*:*:*:*
CWE CWE-78
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.8

24 Jun 2025, 03:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-06-24 01:15

Updated : 2025-07-09 19:08

NVD link : CVE-2025-34035

Mitre link : CVE-2025-34035

JSON object : View

Products Affected

engeniustech

  • esr1750_firmware
  • epg5000
  • esr900_firmware
  • esr300_firmware
  • esr600
  • esr900
  • esr1200_firmware
  • esr350_firmware
  • esr350
  • esr600_firmware
  • esr1200
  • esr300
  • epg5000_firmware
  • esr1750
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')