Vulnerability Description
An OS command injection vulnerability exists in Russound MBX-PRE-D67F firmware version 3.1.6, allowing unauthenticated attackers to execute arbitrary commands as root via crafted input to the hostname parameter in network configuration requests. This vulnerability stems from improper neutralization of special elements used in an OS command within the network configuration handler, enabling remote code execution with the highest privileges.
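The class of fix this description points to, as an added example that is not Russound's code or patch: accept only RFC 1123 hostname syntax, then apply the value through a system call instead of building a shell command string. The function names `is_valid_hostname` and `apply_hostname` are hypothetical, and the firmware's actual handler is not shown on this page.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE   /* exposes sethostname() in glibc's <unistd.h> */
#endif
#include <ctype.h>
#include <stddef.h>
#include <string.h>
#include <unistd.h>

/* Returns 1 if s is a syntactically valid RFC 1123 hostname, else 0.
 * Allowed: dot-separated labels of 1-63 chars from [A-Za-z0-9-], no label
 * starting or ending with '-', total length <= 253. Shell metacharacters
 * are rejected because they are simply not in the allowed set. */
int is_valid_hostname(const char *s)
{
    size_t total, label_len = 0;
    char prev = '.';                 /* start of string counts as label start */

    if (s == NULL)
        return 0;
    total = strlen(s);
    if (total == 0 || total > 253)
        return 0;
    for (size_t i = 0; i < total; i++) {
        unsigned char c = (unsigned char)s[i];
        if (c == '.') {
            if (label_len == 0 || prev == '-')   /* empty label or "-." */
                return 0;
            label_len = 0;
        } else if (c < 0x80 && (isalnum(c) || c == '-')) {
            if (c == '-' && label_len == 0)      /* label starts with '-' */
                return 0;
            if (++label_len > 63)
                return 0;
        } else {
            return 0;                            /* anything else is refused */
        }
        prev = (char)c;
    }
    return label_len > 0 && prev != '-';         /* no trailing '.' or '-' */
}

/* Hypothetical handler helper: the validated name goes to sethostname(2) as
 * data, so it never passes through a shell. Returns 0 on success, -1 on
 * rejected input or syscall failure (the call needs CAP_SYS_ADMIN). */
int apply_hostname(const char *requested)
{
    if (!is_valid_hostname(requested))
        return -1;
    return sethostname(requested, strlen(requested));
}
```

Validation is an allow-list, so it does not depend on enumerating dangerous characters; avoiding the shell removes the injection sink even if a validation bug slips in later.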
CVSS Score
CRITICAL
Related Weaknesses (CWE)
References
- https://drive.google.com/file/d/1ZmZHzJKU-nrhFXd9w94aiGXYYYldtmni/view?usp=shari
- https://pastebin.com/ic8hkC5V
- https://pastebin.com/raw/0U6F55G5
FAQ
What is CVE-2025-50475?
CVE-2025-50475 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An OS command injection vulnerability exists in Russound MBX-PRE-D67F firmware version 3.1.6, allowing unauthenticated attackers to execute arbitrary commands as root via crafted input to the hostname...
How severe is CVE-2025-50475?
CVE-2025-50475 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2025-50475?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.