CVE-2025-34049

UNKNOWN 0.0

OptiLink ONT1GEW GPON Remote Code Execution

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

An OS command injection vulnerability exists in the OptiLink ONT1GEW GPON router firmware version V2.1.11_X101 Build 1127.190306 and earlier. The router’s web management interface fails to properly sanitize user input in the target_addr parameter of the formTracert and formPing administrative endpoints. An authenticated attacker can inject arbitrary operating system commands, which are executed with root privileges, leading to remote code execution. Successful exploitation enables full compromise of the device. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-04 UTC.

CWE	CWE-78
Vendor	optilink
Product	ont1gew gpon
Published	Jun 26, 2025
Last Updated	Apr 7, 2026

Stay Ahead of the Next One

Get instant alerts for optilink ont1gew gpon

Be the first to know when new unknown vulnerabilities affecting optilink ont1gew gpon are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

OptiLink / ONT1GEW GPON

0 ≤ V2.1.11_X101 Build 1127.190306

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/49955 optilinknetwork.com: https://optilinknetwork.com/ vulncheck.com: https://vulncheck.com/advisories/optilink-ont1gew-router-rce packetstorm.news: https://packetstorm.news/files/id/162993

Credits

SecNigma Amal