Keyfactor RG-EW5100BE HTTP POST Request cmd command injection_CVE-2025-11073

5.1 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was detected in Keyfactor RG-EW5100BE EW_3.0B11P280_EW5100BE-PRO_12183019. The affected element is an unknown function of the file /cgi-bin/luci/api/cmd of the component HTTP POST Request Handler. The manipulation of the argument url results in command injection. The attack can be launched remotely. The exploit is now public and may be used.

Basic Information

ID CVE-2025-11073

Source VulDB

Published Sep 27, 2025 at 18:02

Affected Product

Vendor Keyfactor

Product RG-EW5100BE

Version EW_3.0B11P280_EW5100BE-PRO_12183019

Affected Versions Keyfactor RG-EW5100BE EW_3.0B11P280_EW5100BE-PRO_12183019

CWE Classification

CWE-77 CWE-74

References

{
    "lastseen": "",
    "description": "A vulnerability was detected in Keyfactor RG-EW5100BE EW_3.0B11P280_EW5100BE-PRO_12183019. The affected element is an unknown function of the file /cgi-bin/luci/api/cmd of the component HTTP POST Request Handler. The manipulation of the argument url results in command injection. The attack can be launched remotely. The exploit is now public and may be used.",
    "published": "2025-09-27T18:02:05.180Z",
    "modified": "2025-09-27T18:02:05.180Z",
    "type": "cve",
    "title": "Keyfactor RG-EW5100BE HTTP POST Request cmd command injection",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.326113\nhttps://vuldb.com/?ctiid.326113\nhttps://vuldb.com/?submit.659933\nhttps://github.com/s1nec-1o/cve/blob/main/cve-report.md\nhttps://github.com/s1nec-1o/cve/blob/main/cve-report.md#poc",
    "id": "CVE-2025-11073",
    "bulletinFamily": "",
    "cwe": [
        "CWE-77",
        "CWE-74"
    ],
    "cvelist": null,
    "sourceData": "Keyfactor RG-EW5100BE EW_3.0B11P280_EW5100BE-PRO_12183019",
    "sourceHref": "",
    "cvss": {
        "score": 5.1,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "RG-EW5100BE",
    "version": "EW_3.0B11P280_EW5100BE-PRO_12183019",
    "vendor": "Keyfactor",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}