Critical severity9.8NVD Advisory· Published Jun 24, 2025· Updated Jun 17, 2026
CVE-2025-34035
CVE-2025-34035
Description
An OS command injection vulnerability exists in EnGenius EnShare Cloud Service version 1.4.11 and earlier. The usbinteract.cgi script fails to properly sanitize user input passed to the path parameter, allowing unauthenticated remote attackers to inject arbitrary shell commands. The injected commands are executed with root privileges, leading to full system compromise. Exploitation evidence was observed by the Shadowserver Foundation on 2024-12-05 UTC.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<=1.4.11+ 1 more
- (no CPE)range: <=1.4.11
- (no CPE)range: 0
Patches
Vulnerability mechanics
References
5- cxsecurity.com/issue/WLB-2017060050nvdExploitThird Party Advisory
- www.exploit-db.com/exploits/42114nvdExploitThird Party Advisory
- www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5413.phpnvdExploitThird Party Advisory
- vulncheck.com/advisories/engenius-enshare-iot-gigabit-cloud-servicenvdThird Party Advisory
- packetstormsecurity.com/files/142792nvdBroken Link
News mentions
0No linked articles in our index yet.