CVE-2025-54084

Calix Gigacenter ONT - Command Injection

CVSS 8.5 HIGHEPSS 0.8%CWE-78

OS Command ('OS Command Injection') vulnerability in Calix GigaCenter ONT (Quantenna SoC modules) allows authenticated attackers with 'super' user credentials to execute arbitrary OS commands through improper input validation, potentially leading to full system compromise.This issue affects GigaCenter ONT: 844E, 844G, 844GE, 854GE.

CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected products

Calix · GigaCenter ONT

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://fluidattacks.com/advisories/bacalao https://revers3everything.com/calix-case-five-0-days-five-cves/https://www.calix.com