CVE-2025-3008

Summary

A vulnerability classified as critical has been found in Novastar CX40 up to 2.44.0. Affected is the function system/popen of the file /usr/nova/bin/netconfig of the component NetFilter Utility. The manipulation leads to command injection. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected Software

VendorProductVersion RangeStatus
NovastarCX402.0affected
NovastarCX402.1affected
NovastarCX402.2affected
NovastarCX402.3affected
NovastarCX402.4affected
NovastarCX402.5affected
NovastarCX402.6affected
NovastarCX402.7affected
NovastarCX402.8affected
NovastarCX402.9affected
NovastarCX402.10affected
NovastarCX402.11affected
NovastarCX402.12affected
NovastarCX402.13affected
NovastarCX402.14affected
NovastarCX402.15affected
NovastarCX402.16affected
NovastarCX402.17affected
NovastarCX402.18affected
NovastarCX402.19affected
NovastarCX402.20affected
NovastarCX402.21affected
NovastarCX402.22affected
NovastarCX402.23affected
NovastarCX402.24affected
NovastarCX402.25affected
NovastarCX402.26affected
NovastarCX402.27affected
NovastarCX402.28affected
NovastarCX402.29affected
NovastarCX402.30affected
NovastarCX402.31affected
NovastarCX402.32affected
NovastarCX402.33affected
NovastarCX402.34affected
NovastarCX402.35affected
NovastarCX402.36affected
NovastarCX402.37affected
NovastarCX402.38affected
NovastarCX402.39affected
NovastarCX402.40affected
NovastarCX402.41affected
NovastarCX402.42affected
NovastarCX402.43affected
NovastarCX402.44affected

Weaknesses

  • CWE-77: Command Injection
  • CWE-74: Injection

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References