CVE-2025-34035

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-34035
An OS command injection vulnerability exists in EnGenius EnShare Cloud Service version 1.4.11 and earlier. The usbinteract.cgi script fails to properly sanitize user input passed to the path parameter, allowing unauthenticated remote attackers to inject arbitrary shell commands. The injected commands are executed with root privileges, leading to full system compromise. Exploitation evidence was observed by the Shadowserver Foundation on 2024-12-05 UTC.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://cxsecurity.com/issue/WLB-2017060050 Exploit Third Party Advisory
https://packetstormsecurity.com/files/142792 Broken Link
https://vulncheck.com/advisories/engenius-enshare-iot-gigabit-cloud-service Third Party Advisory
https://www.exploit-db.com/exploits/42114 Exploit Third Party Advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5413.php Exploit Third Party Advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5413.php Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:engeniustech:esr300_firmware:1.1.0.28:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr300_firmware:1.3.1.42:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr300_firmware:1.4.0:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr300_firmware:1.4.1.28:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr300_firmware:1.4.2:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr300_firmware:1.4.7:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr300_firmware:1.4.9:*:*:*:*:*:*:*
cpe:2.3:h:engeniustech:esr300:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:o:engeniustech:esr350_firmware:1.1.0.29:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr350_firmware:1.3.1.41:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr350_firmware:1.4.0:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr350_firmware:1.4.2:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr350_firmware:1.4.5:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr350_firmware:1.4.9:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr350_firmware:1.4.11:*:*:*:*:*:*:*
cpe:2.3:h:engeniustech:esr350:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:o:engeniustech:esr600_firmware:1.1.0.50:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr600_firmware:1.2.1.46:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr600_firmware:1.3.1.63:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr600_firmware:1.4.0.23:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr600_firmware:1.4.1:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr600_firmware:1.4.2:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr600_firmware:1.4.3:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr600_firmware:1.4.5:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr600_firmware:1.4.9:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr600_firmware:1.4.11:*:*:*:*:*:*:*
cpe:2.3:h:engeniustech:esr600:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
OR cpe:2.3:o:engeniustech:esr900_firmware:1.1.0:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr900_firmware:1.2.2.23:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr900_firmware:1.3.0:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr900_firmware:1.3.1.26:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr900_firmware:1.3.5.18:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr900_firmware:1.4.0:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr900_firmware:1.4.3:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr900_firmware:1.4.5:*:*:*:*:*:*:*
cpe:2.3:h:engeniustech:esr900:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
OR cpe:2.3:o:engeniustech:esr1200_firmware:1.1.0:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr1200_firmware:1.3.1.34:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr1200_firmware:1.4.1:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr1200_firmware:1.4.3:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr1200_firmware:1.4.5:*:*:*:*:*:*:*
cpe:2.3:h:engeniustech:esr1200:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
OR cpe:2.3:o:engeniustech:esr1750_firmware:1.1.0:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr1750_firmware:1.2.2.27:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr1750_firmware:1.3.0:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr1750_firmware:1.3.1.34:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr1750_firmware:1.4.0:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr1750_firmware:1.4.1:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr1750_firmware:1.4.3:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:esr1750_firmware:1.4.5:*:*:*:*:*:*:*
cpe:2.3:h:engeniustech:esr1750:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
OR cpe:2.3:o:engeniustech:epg5000_firmware:1.2.0:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:epg5000_firmware:1.3.0:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:epg5000_firmware:1.3.2:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:epg5000_firmware:1.3.3:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:epg5000_firmware:1.3.3.17:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:epg5000_firmware:1.3.7.20:*:*:*:*:*:*:*
cpe:2.3:o:engeniustech:epg5000_firmware:1.3.9.21:*:*:*:*:*:*:*
cpe:2.3:h:engeniustech:epg5000:-:*:*:*:*:*:*:*
History

20 Nov 2025, 22:15

Type Values Removed Values Added
Summary (en) An OS command injection vulnerability exists in EnGenius EnShare Cloud Service version 1.4.11 and earlier. The usbinteract.cgi script fails to properly sanitize user input passed to the path parameter, allowing unauthenticated remote attackers to inject arbitrary shell commands. The injected commands are executed with root privileges, leading to full system compromise. Exploitation evidence was observed by the Shadowserver Foundation on 2025-08-27 UTC. (en) An OS command injection vulnerability exists in EnGenius EnShare Cloud Service version 1.4.11 and earlier. The usbinteract.cgi script fails to properly sanitize user input passed to the path parameter, allowing unauthenticated remote attackers to inject arbitrary shell commands. The injected commands are executed with root privileges, leading to full system compromise. Exploitation evidence was observed by the Shadowserver Foundation on 2024-12-05 UTC.

17 Nov 2025, 22:15

Type Values Removed Values Added
Summary (en) An OS command injection vulnerability exists in EnGenius EnShare Cloud Service version 1.4.11 and earlier. The usbinteract.cgi script fails to properly sanitize user input passed to the path parameter, allowing unauthenticated remote attackers to inject arbitrary shell commands. The injected commands are executed with root privileges, leading to full system compromise. (en) An OS command injection vulnerability exists in EnGenius EnShare Cloud Service version 1.4.11 and earlier. The usbinteract.cgi script fails to properly sanitize user input passed to the path parameter, allowing unauthenticated remote attackers to inject arbitrary shell commands. The injected commands are executed with root privileges, leading to full system compromise. Exploitation evidence was observed by the Shadowserver Foundation on 2025-08-27 UTC.
CWE CWE-20
Information

Published : 2025-06-24 01:15

Updated : 2025-11-20 22:15

NVD link : CVE-2025-34035

Mitre link : CVE-2025-34035

CVE.ORG link : CVE-2025-34035

JSON object : View

Products Affected

engeniustech

  • esr300
  • esr900
  • esr1750_firmware
  • esr1750
  • esr300_firmware
  • esr900_firmware
  • epg5000
  • esr350
  • esr350_firmware
  • esr1200_firmware
  • epg5000_firmware
  • esr1200
  • esr600
  • esr600_firmware
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')