1 results (0.002 seconds)
CVSS: 6.5EPSS: 1%CPEs: 1EXPL: 1
CVSS: 6.5EPSS: 1%CPEs: 1EXPL: 1CVE-2025-2701 – AMTT Hotel Broadband Operation System port_setup.php popen os command injection
https://notcve.org/view.php?id=CVE-2025-2701
24 Mar 2025 — A vulnerability classified as critical was found in AMTT Hotel Broadband Operation System 1.0. This vulnerability affects the function popen of the file /manager/network/port_setup.php. The manipulation of the argument SwitchVersion/SwitchWrite/SwitchIP/SwitchIndex/SwitchState leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/zian10001/cve/blob/main/rce.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •