CVE-2025-54084
8.5
CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
OS Command ('OS Command Injection') vulnerability in Calix GigaCenter ONT (Quantenna SoC modules) allows authenticated attackers with 'super' user credentials to execute arbitrary OS commands through improper input validation, potentially leading to full system compromise.This issue affects GigaCenter ONT: 844E, 844G, 844GE, 854GE.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Calix | GigaCenter ONT | 844E | affected |
| Calix | GigaCenter ONT | 844G | affected |
| Calix | GigaCenter ONT | 844GE | affected |
| Calix | GigaCenter ONT | 854GE | affected |
Weaknesses
- CWE-78: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: total
Additional References
References
- https://fluidattacks.com/advisories/bacalao
- https://www.calix.com
- https://revers3everything.com/calix-case-five-0-days-five-cves/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.