{“lastseen”:””,”description”:”An unauthenticated remote attacker can trick a high privileged user into uploading a malicious payload via the config-upload endpoint, leading to code injection as root. This results in a total loss of confidentiality, availability and integrity due to improper control of code generation (‘Code Injection\u2019).”,”published”:”2026-01-13T07:48:19.811Z”,”modified”:”2026-01-13T07:48:19.811Z”,”type”:”cve”,”title”:”Config-Upload Code Injection”,”source”:”CERTVDE”,”references”:”https:\/\/certvde.com\/de\/advisories\/VDE-2025-073″,”id”:”CVE-2025-41717″,”bulletinFamily”:””,”cwe”:[“CWE-94″],”cvelist”:null,”sourceData”:”Phoenix Contact TC ROUTER 3002T-3G 0.0.0\\nPhoenix Contact TC ROUTER 2002T-3G 0.0.0\\nPhoenix Contact TC ROUTER 3002T-4G 0.0.0\\nPhoenix Contact TC ROUTER 3002T-4G GL 0.0.0\\nPhoenix Contact TC ROUTER 5004T-5G EU 0.0.0\\nPhoenix Contact TC ROUTER 3002T-4G VZW 0.0.0\\nPhoenix Contact TC ROUTER 3002T-4G ATT 0.0.0\\nPhoenix Contact TC ROUTER 2002T-4G 0.0.0\\nPhoenix Contact CLOUD CLIENT 1101T-TX\/TX 0.0.0\\nPhoenix Contact TC CLOUD CLIENT 1002-4G ATT 0.0.0\\nPhoenix Contact TC CLOUD CLIENT 1002-TX\/TX 0.0.0″,”sourceHref”:””,”cvss”:{“score”:8.8,”severity”:”HIGH”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:H\/I:H\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:””,”category_name”:”CVE”,”post_link”:””,”product”:”TC ROUTER 3002T-3G”,”version”:”0.0.0″,”vendor”:”Phoenix Contact”,”ai_description”:”Code injection vulnerability in Phoenix Contact products due to improper control of code generation, allowing remote attackers to inject malicious code as root, resulting in total loss of confidentiality, availability, and integrity.”,”ai_severity”:”High”,”ai_vendor”:”Phoenix Contact”,”ai_product”:”TC ROUTER 3002T-3G, TC ROUTER 2002T-3G, TC ROUTER 3002T-4G, TC ROUTER 3002T-4G GL, TC ROUTER 5004T-5G EU, TC ROUTER 3002T-4G VZW, TC ROUTER 3002T-4G ATT, TC ROUTER 2002T-4G, CLOUD CLIENT 1101T-TX\/TX, TC CLOUD CLIENT 1002-4G ATT, TC CLOUD CLIENT 1002-TX\/TX”,”ai_version”:”0.0.0″,”ai_score”:8.8}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:””,”description”:”An unauthenticated remote attacker can trick a high privileged user into uploading a malicious payload via the config-upload endpoint, leading to code injection as root….<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[6,8,41,12,15,13,7,11,5],"class_list":["post-35236","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-cve","tag-cvss","tag-cvss-88","tag-exploit","tag-high","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n