Critical severityNVD Advisory· Published Jul 15, 2025· Updated Apr 15, 2026

CVE-2025-34103

Description

An unauthenticated command injection vulnerability exists in WePresent WiPG-1000 firmware versions prior to 2.2.3.0, due to improper input handling in the undocumented /cgi-bin/rdfs.cgi endpoint. The Client parameter is not sanitized before being passed to a system call, allowing an unauthenticated remote attacker to execute arbitrary commands as the web server user.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/wipg1000_cmd_injection.rbnvd
www.exploit-db.com/exploits/41935nvd
www.redguard.ch/advisories/wepresent-wipg1000.txtnvd
www.vulncheck.com/advisories/we-present-wi-pg-1000-unauthenticated-command-injectionnvd

News mentions

No linked articles in our index yet.

cvss	0.585
epss	0.058
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000