Details of VAR-201707-1348

ID

VAR-201707-1348

CVE

CVE-2025-34035

TITLE

plural EnGenius Technologies In the product OS Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2025-009848

DESCRIPTION

An OS command injection vulnerability exists in EnGenius EnShare Cloud Service version 1.4.11 and earlier. The usbinteract.cgi script fails to properly sanitize user input passed to the path parameter, allowing unauthenticated remote attackers to inject arbitrary shell commands. The injected commands are executed with root privileges, leading to full system compromise. Exploitation evidence was observed by the Shadowserver Foundation on 2024-12-05 UTC. ESR300 firmware, ESR350 firmware, ESR600 firmware etc. (DoS) It may be in a state. EnGenius Enshare is a USB media storage sharing application. Allows an attacker to exploit a vulnerability to execute arbitrary code. With the EnGenius IoT Gigabit Routers and free EnShare app, use your iPhone, iPad or Android-based tablet or smartphone to transfer video, music and other files to and from a router-attached USB hard drive. The EnShare feature allows you to access media content stored on a USB hard drive connected to the router's USB port in the home and when you are away from home when you have access to the Internet

Trust: 2.25

sources: NVD: CVE-2025-34035 // JVNDB: JVNDB-2025-009848 // CNVD: CNVD-2017-13571 // ZSL: ZSL-2017-5413

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-13571

AFFECTED PRODUCTS

vendor:	engeniustech	model:	esr600	scope:	eq	version:	1.4.0.23	Trust: 1.0
vendor:	engeniustech	model:	esr350	scope:	eq	version:	1.4.5	Trust: 1.0
vendor:	engeniustech	model:	esr300	scope:	eq	version:	1.4.7	Trust: 1.0
vendor:	engeniustech	model:	esr1200	scope:	eq	version:	1.4.1	Trust: 1.0
vendor:	engeniustech	model:	esr600	scope:	eq	version:	1.4.5	Trust: 1.0
vendor:	engeniustech	model:	esr300	scope:	eq	version:	1.4.1.28	Trust: 1.0
vendor:	engeniustech	model:	esr1750	scope:	eq	version:	1.1.0	Trust: 1.0
vendor:	engeniustech	model:	esr900	scope:	eq	version:	1.2.2.23	Trust: 1.0
vendor:	engeniustech	model:	esr900	scope:	eq	version:	1.3.1.26	Trust: 1.0
vendor:	engeniustech	model:	esr900	scope:	eq	version:	1.3.5.18	Trust: 1.0
vendor:	engeniustech	model:	esr1750	scope:	eq	version:	1.3.0	Trust: 1.0
vendor:	engeniustech	model:	esr350	scope:	eq	version:	1.4.11	Trust: 1.0
vendor:	engeniustech	model:	esr600	scope:	eq	version:	1.3.1.63	Trust: 1.0
vendor:	engeniustech	model:	esr350	scope:	eq	version:	1.4.9	Trust: 1.0
vendor:	engeniustech	model:	esr600	scope:	eq	version:	1.4.11	Trust: 1.0
vendor:	engeniustech	model:	esr900	scope:	eq	version:	1.4.3	Trust: 1.0
vendor:	engeniustech	model:	esr350	scope:	eq	version:	1.3.1.41	Trust: 1.0
vendor:	engeniustech	model:	esr600	scope:	eq	version:	1.4.9	Trust: 1.0
vendor:	engeniustech	model:	esr1200	scope:	eq	version:	1.1.0	Trust: 1.0
vendor:	engeniustech	model:	esr600	scope:	eq	version:	1.2.1.46	Trust: 1.0
vendor:	engeniustech	model:	esr1750	scope:	eq	version:	1.4.0	Trust: 1.0
vendor:	engeniustech	model:	esr300	scope:	eq	version:	1.4.0	Trust: 1.0
vendor:	engeniustech	model:	esr350	scope:	eq	version:	1.4.2	Trust: 1.0
vendor:	engeniustech	model:	esr1750	scope:	eq	version:	1.4.5	Trust: 1.0
vendor:	engeniustech	model:	esr600	scope:	eq	version:	1.4.3	Trust: 1.0
vendor:	engeniustech	model:	esr600	scope:	eq	version:	1.1.0.50	Trust: 1.0
vendor:	engeniustech	model:	esr600	scope:	eq	version:	1.4.2	Trust: 1.0
vendor:	engeniustech	model:	esr300	scope:	eq	version:	1.3.1.42	Trust: 1.0
vendor:	engeniustech	model:	esr600	scope:	eq	version:	1.4.1	Trust: 1.0
vendor:	engeniustech	model:	epg5000	scope:	eq	version:	1.2.0	Trust: 1.0
vendor:	engeniustech	model:	epg5000	scope:	eq	version:	1.3.3.17	Trust: 1.0
vendor:	engeniustech	model:	esr1750	scope:	eq	version:	1.3.1.34	Trust: 1.0
vendor:	engeniustech	model:	epg5000	scope:	eq	version:	1.3.3	Trust: 1.0
vendor:	engeniustech	model:	esr1200	scope:	eq	version:	1.4.5	Trust: 1.0
vendor:	engeniustech	model:	epg5000	scope:	eq	version:	1.3.2	Trust: 1.0
vendor:	engeniustech	model:	esr300	scope:	eq	version:	1.1.0.28	Trust: 1.0
vendor:	engeniustech	model:	esr900	scope:	eq	version:	1.3.0	Trust: 1.0
vendor:	engeniustech	model:	esr900	scope:	eq	version:	1.1.0	Trust: 1.0
vendor:	engeniustech	model:	esr300	scope:	eq	version:	1.4.9	Trust: 1.0
vendor:	engeniustech	model:	esr1750	scope:	eq	version:	1.2.2.27	Trust: 1.0
vendor:	engeniustech	model:	esr1200	scope:	eq	version:	1.3.1.34	Trust: 1.0
vendor:	engeniustech	model:	esr1750	scope:	eq	version:	1.4.3	Trust: 1.0
vendor:	engeniustech	model:	epg5000	scope:	eq	version:	1.3.9.21	Trust: 1.0
vendor:	engeniustech	model:	epg5000	scope:	eq	version:	1.3.0	Trust: 1.0
vendor:	engeniustech	model:	esr300	scope:	eq	version:	1.4.2	Trust: 1.0
vendor:	engeniustech	model:	epg5000	scope:	eq	version:	1.3.7.20	Trust: 1.0
vendor:	engeniustech	model:	esr350	scope:	eq	version:	1.1.0.29	Trust: 1.0
vendor:	engeniustech	model:	esr900	scope:	eq	version:	1.4.0	Trust: 1.0
vendor:	engeniustech	model:	esr1750	scope:	eq	version:	1.4.1	Trust: 1.0
vendor:	engeniustech	model:	esr900	scope:	eq	version:	1.4.5	Trust: 1.0
vendor:	engeniustech	model:	esr350	scope:	eq	version:	1.4.0	Trust: 1.0
vendor:	engeniustech	model:	esr1200	scope:	eq	version:	1.4.3	Trust: 1.0
vendor:	engenius	model:	epg5000	scope:	-	version:	-	Trust: 0.8
vendor:	engenius	model:	esr1200	scope:	-	version:	-	Trust: 0.8
vendor:	engenius	model:	esr600	scope:	-	version:	-	Trust: 0.8
vendor:	engenius	model:	esr350	scope:	-	version:	-	Trust: 0.8
vendor:	engenius	model:	esr300	scope:	-	version:	-	Trust: 0.8
vendor:	engenius	model:	esr1750	scope:	-	version:	-	Trust: 0.8
vendor:	engenius	model:	esr900	scope:	-	version:	-	Trust: 0.8
vendor:	engenius	model:	enshare iot gigabit cloud service	scope:	eq	version:	1.4.11	Trust: 0.6
vendor:	engenius	model:	enshare iot gigabit cloud service	scope:	eq	version:	1.1.0)	Trust: 0.3
vendor:	engenius	model:	enshare iot gigabit cloud service	scope:	eq	version:	1.1.0.28)	Trust: 0.1
vendor:	engenius	model:	enshare iot gigabit cloud service	scope:	eq	version:	1.1.0.29)	Trust: 0.1
vendor:	engenius	model:	enshare iot gigabit cloud service	scope:	eq	version:	1.1.0.50)	Trust: 0.1
vendor:	engenius	model:	enshare iot gigabit cloud service	scope:	eq	version:	1.2.0)	Trust: 0.1

sources: ZSL: ZSL-2017-5413 // CNVD: CNVD-2017-13571 // JVNDB: JVNDB-2025-009848 // NVD: CVE-2025-34035

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2025-34035
value:	CRITICAL
Trust: 1.0
disclosure@vulncheck.com:	CVE-2025-34035
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2025-34035
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2017-13571
value:	HIGH
Trust: 0.6
ZSL:	ZSL-2017-5413
value:	(5/5)
Trust: 0.1

CNVD:	CNVD-2017-13571
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2025-34035
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2025-34035
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: ZSL: ZSL-2017-5413 // CNVD: CNVD-2017-13571 // JVNDB: JVNDB-2025-009848 // NVD: CVE-2025-34035 // NVD: CVE-2025-34035

PROBLEMTYPE DATA

problemtype:	CWE-78	Trust: 1.0
problemtype:	Inappropriate input confirmation (CWE-20) [ others ]	Trust: 0.8
problemtype:	OS Command injection (CWE-78) [ others ]	Trust: 0.8
problemtype:	OS Command injection (CWE-78) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-009848 // NVD: CVE-2025-34035

TYPE

Local/Remote,System Access

Trust: 0.1

sources: ZSL: ZSL-2017-5413

EXPLOIT AVAILABILITY

sources: ZSL: ZSL-2017-5413

EXTERNAL IDS

db:	NVD	id:	CVE-2025-34035	Trust: 2.6
db:	EXPLOIT-DB	id:	42114	Trust: 2.5
db:	CXSECURITY	id:	WLB-2017060050	Trust: 1.9
db:	ZSL	id:	ZSL-2017-5413	Trust: 1.9
db:	PACKETSTORM	id:	142792	Trust: 1.1
db:	JVNDB	id:	JVNDB-2025-009848	Trust: 0.8
db:	EXPLOITDB	id:	42114	Trust: 0.6
db:	CNVD	id:	CNVD-2017-13571	Trust: 0.6

sources: ZSL: ZSL-2017-5413 // CNVD: CNVD-2017-13571 // JVNDB: JVNDB-2025-009848 // NVD: CVE-2025-34035

REFERENCES

url:	https://cxsecurity.com/issue/wlb-2017060050	Trust: 1.9
url:	https://vulncheck.com/advisories/engenius-enshare-iot-gigabit-cloud-service	Trust: 1.8
url:	https://www.exploit-db.com/exploits/42114	Trust: 1.8
url:	https://www.zeroscience.mk/en/vulnerabilities/zsl-2017-5413.php	Trust: 1.8
url:	https://packetstormsecurity.com/files/142792	Trust: 1.1
url:	https://nvd.nist.gov/vuln/detail/cve-2025-34035	Trust: 0.8
url:	https://www.exploit-db.com/exploits/42114/	Trust: 0.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/127026	Trust: 0.1
url:	https://www.engeniusnetworks.eu/downloads?field_file_type_tid=27&title=esr900	Trust: 0.1
url:	https://www.engeniusnetworks.eu/downloads?field_file_type_tid=27&title=esr600	Trust: 0.1
url:	https://www.engeniusnetworks.eu/downloads?field_file_type_tid=27&title=epg5000	Trust: 0.1
url:	http://www.vfocus.net/art/20170606/13644.html	Trust: 0.1
url:	https://badpackets.net/engenius-routers-found-in-mirai-like-botnet/	Trust: 0.1

sources: ZSL: ZSL-2017-5413 // CNVD: CNVD-2017-13571 // JVNDB: JVNDB-2025-009848 // NVD: CVE-2025-34035

CREDITS

Vulnerability discovered by Gjoko Krstic

Trust: 0.1

sources: ZSL: ZSL-2017-5413

SOURCES

db:	ZSL	id:	ZSL-2017-5413
db:	CNVD	id:	CNVD-2017-13571
db:	JVNDB	id:	JVNDB-2025-009848
db:	NVD	id:	CVE-2025-34035

LAST UPDATE DATE

2025-11-21T23:24:14.983000+00:00

SOURCES UPDATE DATE

db:	ZSL	id:	ZSL-2017-5413	date:	2020-02-11T00:00:00
db:	CNVD	id:	CNVD-2017-13571	date:	2017-07-10T00:00:00
db:	JVNDB	id:	JVNDB-2025-009848	date:	2025-07-25T02:44:00
db:	NVD	id:	CVE-2025-34035	date:	2025-11-20T22:15:56.183

SOURCES RELEASE DATE

db:	ZSL	id:	ZSL-2017-5413	date:	2017-06-04T00:00:00
db:	CNVD	id:	CNVD-2017-13571	date:	2017-07-10T00:00:00
db:	JVNDB	id:	JVNDB-2025-009848	date:	2025-07-25T00:00:00
db:	NVD	id:	CVE-2025-34035	date:	2025-06-24T01:15:24.763