CVE-2025-64093
Remote Code Execution vulnerability that allows unauthenticated attackers to inject arbitrary commands into the hostname of the device.
CVE-2025-64092
This vulnerability allows unauthenticated attackers to inject an SQL request into GET request parameters and directly query the underlying database.