CVE-2025-2701
Published: 24 March 2025
Description
Adversaries may abuse utilities that allow for command execution to bypass security restrictions that limit the use of command-line interpreters.
Security Summary
CVE-2025-2701 is a critical vulnerability in AMTT Hotel Broadband Operation System 1.0 that enables OS command injection through the popen function in the file /manager/network/port_setup.php. The issue arises from manipulation of the arguments SwitchVersion, SwitchWrite, SwitchIP, SwitchIndex, and SwitchState, as classified under CWE-77 and CWE-78. It carries a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L), indicating network-accessible exploitation with low complexity and low privileges required.
Attackers with low-privilege access can exploit this vulnerability remotely over the network without user interaction. Successful exploitation allows injection and execution of arbitrary operating system commands, potentially resulting in limited impacts to confidentiality, integrity, and availability, such as data leakage, modification, or service disruption on the affected system.
VulDB advisories (ctiid.300718, id.300718, submit.516089) document the vulnerability, noting that an exploit has been publicly disclosed on GitHub (zian10001/cve/blob/main/rce.md) and may be actively used. The vendor was contacted early regarding disclosure but provided no response, and no patches or official mitigations are mentioned in the available references.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Remote OS command injection in a public-facing web management interface (/manager/network/port_setup.php) enables exploitation of public-facing applications (T1190) and indirect command execution via popen (T1202).