Vulnerability Description
OS Command ('OS Command Injection') vulnerability in Calix GigaCenter ONT (Quantenna SoC modules) allows authenticated attackers with 'super' user credentials to execute arbitrary OS commands through improper input validation, potentially leading to full system compromise.This issue affects GigaCenter ONT: 844E, 844G, 844GE, 854GE.
Related Weaknesses (CWE)
References
- https://fluidattacks.com/advisories/bacalao
- https://revers3everything.com/calix-case-five-0-days-five-cves/
- https://www.calix.com
- https://fluidattacks.com/advisories/bacalao
FAQ
What is CVE-2025-54084?
CVE-2025-54084 is a documented vulnerability. OS Command ('OS Command Injection') vulnerability in Calix GigaCenter ONT (Quantenna SoC modules) allows authenticated attackers with 'super' user credentials to execute arbitrary OS commands through ...
How severe is CVE-2025-54084?
CVSS scoring is not yet available for CVE-2025-54084. Check NVD for updates.
Is there a patch for CVE-2025-54084?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.