CVE-2025-34035
EnGenius EnShare IoT Gigabit Cloud Service Command Injection
| CVSS Score | 0.0 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
An OS command injection vulnerability exists in EnGenius EnShare Cloud Service version 1.4.11 and earlier. The usbinteract.cgi script fails to properly sanitize user input passed to the path parameter, allowing unauthenticated remote attackers to inject arbitrary shell commands. The injected commands are executed with root privileges, leading to full system compromise. Exploitation evidence was observed by the Shadowserver Foundation on 2024-12-05 UTC.
| CWE | CWE-78 |
| Vendor | engenius |
| Product | enshare iot gigabit cloud service |
| Published | Jun 24, 2025 |
| Last Updated | Apr 7, 2026 |
Affected Versions
EnGenius / EnShare IoT Gigabit Cloud Service
0 ≤ version ≤ 1.4.11 (1.4.11 and earlier)
References
zeroscience.mk: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5413.php
exploit-db.com: https://www.exploit-db.com/exploits/42114
packetstormsecurity.com: https://packetstormsecurity.com/files/142792
cxsecurity.com: https://cxsecurity.com/issue/WLB-2017060050
vulncheck.com: https://vulncheck.com/advisories/engenius-enshare-iot-gigabit-cloud-service
Credits
Gjoko Krstic