CVE-2025-13605

UNKNOWN 0.0

Shell command injection in 3onedata GW1101-1D(RS-485)-TB-P modbus gateway

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

3onedata modbus gateway device model GW1101-1D(RS-485)-TB-P (hardware version V2.2.0) allows authenticated users to execute arbitrary shell commands in the context of the root user by providing payload in the "IP address" field of the diagnosis test tools. This issue has been resolved in firmware version 3.0.59B2024080600R4353

CWE	CWE-78
Vendor	3onedata
Product	gw1101-1d(rs-485)-tb-p
Published	May 4, 2026
Last Updated	May 4, 2026

Stay Ahead of the Next One

Get instant alerts for 3onedata gw1101-1d(rs-485)-tb-p

Be the first to know when new unknown vulnerabilities affecting 3onedata gw1101-1d(rs-485)-tb-p are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

3onedata / GW1101-1D(RS-485)-TB-P

0 < 3.0.59B2024080600R4353

References

NVD ↗ CVE.org ↗ EPSS Data ↗

cert.pl: https://cert.pl/en/posts/2026/05/CVE-2025-13605

Credits

Jarosław Wawiórko Łukasz Rybak