Details of VAR-202107-1715

ID

VAR-202107-1715

CVE

CVE-2025-34044

TITLE

WIFISKY 7-layer flow control router has command execution vulnerabilities

Trust: 0.6

sources: CNVD: CNVD-2021-45363

DESCRIPTION

A remote command injection vulnerability exists in the confirm.php interface of the WIFISKY 7-layer Flow Control Router via a specially-crafted HTTP GET request to the t parameter. Insufficient input validation allows unauthenticated attackers to execute arbitrary OS commands. Shenzhen Airspace Technology Co., Ltd. ("Airspace Technology" for short) is a network communication equipment supplier rooted in Shenzhen and radiating the world. An attacker can use this vulnerability to gain control of the server

Trust: 1.44

sources: NVD: CVE-2025-34044 // CNVD: CNVD-2021-45363

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-45363

AFFECTED PRODUCTS

vendor:

airspace

model:

wifisky 7-layer flow control router

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2021-45363

CVSS

SEVERITY

CVSSV2

CVSSV3

disclosure@vulncheck.com:	CVE-2025-34044
value:	CRITICAL
Trust: 1.0
CNVD:	CNVD-2021-45363
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2021-45363
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:H/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2021-45363 // NVD: CVE-2025-34044

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.0
problemtype:	CWE-78	Trust: 1.0

sources: NVD: CVE-2025-34044

EXTERNAL IDS

db:	CNVD	id:	CNVD-2021-45363	Trust: 1.6
db:	NVD	id:	CVE-2025-34044	Trust: 1.0

sources: CNVD: CNVD-2021-45363 // NVD: CVE-2025-34044

REFERENCES

url:	https://www.variotdbs.pl/vuln/var-202107-1715/	Trust: 1.0
url:	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/other/wifisky7-rce.yaml	Trust: 1.0
url:	https://www.cnvd.org.cn/flaw/show/cnvd-2021-45363	Trust: 1.0
url:	https://s4e.io/tools/wifisky-7-layer-flow-control-router-remote-code-execution	Trust: 1.0
url:	http://www.szwifisky.com/	Trust: 1.0
url:	https://vulncheck.com/advisories/wifisky-flow-control-router-rce	Trust: 1.0

sources: NVD: CVE-2025-34044

SOURCES

db:	CNVD	id:	CNVD-2021-45363
db:	NVD	id:	CVE-2025-34044

LAST UPDATE DATE

2025-06-28T23:42:47.235000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-45363	date:	2021-06-28T00:00:00
db:	NVD	id:	CVE-2025-34044	date:	2025-06-26T18:57:43.670

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-45363	date:	2021-07-30T00:00:00
db:	NVD	id:	CVE-2025-34044	date:	2025-06-26T16:15:27.670