Vulnerability Database

309,237

Total vulnerabilities in the database

CVE-2025-34035

An OS command injection vulnerability exists in EnGenius EnShare Cloud Service version 1.4.11 and earlier. The usbinteract.cgi script fails to properly sanitize user input passed to the path parameter, allowing unauthenticated remote attackers to inject arbitrary shell commands. The injected commands are executed with root privileges, leading to full system compromise. Exploitation evidence was observed by the Shadowserver Foundation on 2024-12-05 UTC.

Published: Jun 24, 2025
Updated: Nov 21, 2025
CVE: CVE-2025-34035
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
engeniustech / esr300_firmware	1.1.0.28	1.1.0.28.x
engeniustech / esr300_firmware	1.3.1.42	1.3.1.42.x
engeniustech / esr300_firmware	1.4.0	1.4.0.x
engeniustech / esr300_firmware	1.4.1.28	1.4.1.28.x
engeniustech / esr300_firmware	1.4.2	1.4.2.x
engeniustech / esr300_firmware	1.4.7	1.4.7.x
engeniustech / esr300_firmware	1.4.9	1.4.9.x
engeniustech / esr350_firmware	1.1.0.29	1.1.0.29.x
engeniustech / esr350_firmware	1.3.1.41	1.3.1.41.x
engeniustech / esr350_firmware	1.4.0	1.4.0.x
engeniustech / esr350_firmware	1.4.2	1.4.2.x
engeniustech / esr350_firmware	1.4.5	1.4.5.x
engeniustech / esr350_firmware	1.4.9	1.4.9.x
engeniustech / esr350_firmware	1.4.11	1.4.11.x
engeniustech / esr600_firmware	1.1.0.50	1.1.0.50.x
engeniustech / esr600_firmware	1.2.1.46	1.2.1.46.x
engeniustech / esr600_firmware	1.3.1.63	1.3.1.63.x
engeniustech / esr600_firmware	1.4.0.23	1.4.0.23.x
engeniustech / esr600_firmware	1.4.1	1.4.1.x
engeniustech / esr600_firmware	1.4.2	1.4.2.x
engeniustech / esr600_firmware	1.4.3	1.4.3.x
engeniustech / esr600_firmware	1.4.5	1.4.5.x
engeniustech / esr600_firmware	1.4.9	1.4.9.x
engeniustech / esr600_firmware	1.4.11	1.4.11.x
engeniustech / esr900_firmware	1.1.0	1.1.0.x
engeniustech / esr900_firmware	1.2.2.23	1.2.2.23.x
engeniustech / esr900_firmware	1.3.0	1.3.0.x
engeniustech / esr900_firmware	1.3.1.26	1.3.1.26.x
engeniustech / esr900_firmware	1.3.5.18	1.3.5.18.x
engeniustech / esr900_firmware	1.4.0	1.4.0.x
engeniustech / esr900_firmware	1.4.3	1.4.3.x
engeniustech / esr900_firmware	1.4.5	1.4.5.x
engeniustech / esr1200_firmware	1.1.0	1.1.0.x
engeniustech / esr1200_firmware	1.3.1.34	1.3.1.34.x
engeniustech / esr1200_firmware	1.4.1	1.4.1.x
engeniustech / esr1200_firmware	1.4.3	1.4.3.x
engeniustech / esr1200_firmware	1.4.5	1.4.5.x
engeniustech / esr1750_firmware	1.1.0	1.1.0.x
engeniustech / esr1750_firmware	1.2.2.27	1.2.2.27.x
engeniustech / esr1750_firmware	1.3.0	1.3.0.x
engeniustech / esr1750_firmware	1.3.1.34	1.3.1.34.x
engeniustech / esr1750_firmware	1.4.0	1.4.0.x
engeniustech / esr1750_firmware	1.4.1	1.4.1.x
engeniustech / esr1750_firmware	1.4.3	1.4.3.x
engeniustech / esr1750_firmware	1.4.5	1.4.5.x
engeniustech / epg5000_firmware	1.2.0	1.2.0.x
engeniustech / epg5000_firmware	1.3.0	1.3.0.x
engeniustech / epg5000_firmware	1.3.2	1.3.2.x
engeniustech / epg5000_firmware	1.3.3	1.3.3.x
engeniustech / epg5000_firmware	1.3.3.17	1.3.3.17.x
engeniustech / epg5000_firmware	1.3.7.20	1.3.7.20.x
engeniustech / epg5000_firmware	1.3.9.21	1.3.9.21.x

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo