CVE-2025-31710

CVSS 5.9 MEDIUM | EPSS 0.4% | CWE-77

In short

The engineermode service does not properly validate user input, so an attacker can inject commands that execute with elevated privileges. A local attacker could use this to escalate privileges without needing special permissions first.

Technical detail

A CWE-77 command injection vulnerability exists in the engineermode service due to insufficient input validation. A local attacker can inject arbitrary commands through unvalidated parameters, leading to privilege escalation without requiring pre-existing elevated privileges or additional execution context.

Summary generated and translated by AI from the official description.
In engineermode service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed.
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
