CVE-2025-3499
The device has two web servers that expose unauthenticated REST APIs on the management network (TCP
ports 8084 and 8086). Exploiting OS command injection through these APIs, an attacker can send arbitrary
commands that are executed with administrative permissions by the underlying operating system.
ports 8084 and 8086). Exploiting OS command injection through these APIs, an attacker can send arbitrary
commands that are executed with administrative permissions by the underlying operating system.
Vendor
-
Product
-
CWE
Yayın Tarihi
2025-07-09 09:15:27
Güncelleme
2025-07-10 13:17:30
Source Identifier
a6d3dc9e-0591-4a13-bce7-0f5b31ff6158
KEV Date Added
-