Vulnerability Description
A remote command injection vulnerability exists in the confirm.php interface of the WIFISKY 7-layer Flow Control Router. It is triggered by a specially crafted HTTP GET request that supplies the t parameter. Because input validation is insufficient, unauthenticated attackers can execute arbitrary OS commands. Exploitation evidence was observed by the Shadowserver Foundation on 2025-01-25 UTC.
References
- http://www.szwifisky.com/
- https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilit
- https://s4e.io/tools/wifisky-7-layer-flow-control-router-remote-code-execution
- https://vulncheck.com/advisories/wifisky-flow-control-router-rce
- https://www.cnvd.org.cn/flaw/show/CNVD-2021-45363
- https://www.variotdbs.pl/vuln/VAR-202107-1715/
FAQ
What is CVE-2025-34044?
CVE-2025-34044 is a remote command injection vulnerability in the confirm.php interface of the WIFISKY 7-layer Flow Control Router, triggered by a specially crafted HTTP GET request to the t parameter. Insufficient input validation allows unauthenticated attackers to execute arbitrary OS commands.
How severe is CVE-2025-34044?
CVSS scoring is not yet available for CVE-2025-34044. Check NVD for updates.
Is there a patch for CVE-2025-34044?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.