CVE-2025-31715

CVSS 9.8 CRITICALEPSS 1.6%

In short

A flaw in vowifi service allows attackers to inject malicious commands through improperly validated user input, potentially gaining unauthorized elevated privileges on the system.

Technical detail

Remote command injection vulnerability in vowifi service stemming from insufficient input validation. Attackers can exploit this via network access without requiring prior privileges, achieving arbitrary code execution and privilege escalation on the affected system.

Summary generated and translated by AI from the official description.

In vowifi service, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Unisoc (Shanghai) Technologies Co., Ltd. · SL8521E/SL8521ET/ SL8541E/UIS8141E/UWS6137/UWS6137E/UWS6151(E)/UWS6152

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.unisoc.com/en_us/secy/announcementDetail/1944933773300793346