CVE-2025-43978

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/actuator/cve/blob/main/Jointelli/CVE-2025-43978.txt", "name": "https://github.com/actuator/cve/blob/main/Jointelli/CVE-2025-43978.txt", "tags": [], "refsource": ""}, {"url": "https://github.com/actuator/cve/tree/main/Jointelli", "name": "https://github.com/actuator/cve/tree/main/Jointelli", "tags": [], "refsource": ""}, {"url": "https://www.jointelli.com/cpe/5g-cpe-evo-4.html", "name": "https://www.jointelli.com/cpe/5g-cpe-evo-4.html", "tags": [], "refsource": ""}, {"url": "https://www.jointelli.com/product/25H01", "name": "https://www.jointelli.com/product/25H01", "tags": [], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Jointelli 5G CPE 21H01 firmware JY_21H01_A3_v1.36 devices allow (blind) OS command injection. Multiple endpoints are vulnerable, including /ubus/?flag=set_WPS_pin and /ubus/?flag=netAppStar1 and /ubus/?flag=set_wifi_cfgs. This allows an authenticated attacker to execute arbitrary OS commands with root privileges via crafted inputs to the SSID, WPS, Traceroute, and Ping fields."}]}, "problemtype": {"problemtype_data": [{"description": []}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2025-43978", "ASSIGNER": "cve@mitre.org"}}, "impact": {}, "publishedDate": "2025-08-05T17:15Z", "configurations": {"nodes": [], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-08-05T21:06Z"}