CVE-2025-27804

Medium CVSS: 6.5

Several OS command injection vulnerabilities exist in the device firmware in the /var/salia/mqtt.php script. By publishing a specially crafted message to a certain MQTT topic arbitrary OS commands can be executed with root permissions.

Vendor

Product

CWE

CWE-78

Yayın Tarihi

2025-05-21 12:16:21

Güncelleme

2025-11-03 20:18:07

Source Identifier

551230f0-3615-47bd-b7cc-93e92e730bbf

KEV Date Added

Kategoriler

CWE-78 MEDIUM 2025

Referanslar

https://r.sec-consult.com/echarge http://seclists.org/fulldisclosure/2025/May/23