CVE-2025-44179 — MEDIUM (6.5)

Vulnerability Description

Hitron CGNF-TWN 3.1.1.43-TWN-pre3 contains a command injection vulnerability in the telnet service. The issue arises due to improper input validation within the telnet command handling mechanism. An attacker can exploit this vulnerability by injecting arbitrary commands through the telnet interface when prompted for inputs or commands. Successful exploitation could lead to remote code execution (RCE) under the privileges of the telnet user, potentially allowing unauthorized access to system settings and sensitive information.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Related Weaknesses (CWE)

CWE-77

References

https://gist.github.com/stevenyu113228/d4271c2d5243e515e8a35a8e224de103

FAQ

What is CVE-2025-44179?

CVE-2025-44179 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Hitron CGNF-TWN 3.1.1.43-TWN-pre3 contains a command injection vulnerability in the telnet service. The issue arises due to improper input validation within the telnet command handling mechanism. An a...

How severe is CVE-2025-44179?

CVE-2025-44179 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-44179?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.