CVE-2025-11045

Summary

A vulnerability was identified in WAYOS LQ_04, LQ_05, LQ_06, LQ_07 and LQ_09 22.03.17. This affects an unknown function of the file /usb_paswd.asp. The manipulation of the argument Name leads to command injection. The attack can be initiated remotely. The exploit is publicly available and might be used.

Affected Software

VendorProductVersion RangeStatus
WAYOSLQ_0422.03.17affected
WAYOSLQ_0522.03.17affected
WAYOSLQ_0622.03.17affected
WAYOSLQ_0722.03.17affected
WAYOSLQ_0922.03.17affected

Weaknesses

  • CWE-77: Command Injection
  • CWE-74: Injection

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

Additional References

References