← voltar
CVE-2025-13605

Shell command injection in 3onedata GW1101-1D(RS-485)-TB-P modbus gateway

CVSS 9.3 CRITICALEPSS 0.2%CWE-78
3onedata modbus gateway device model GW1101-1D(RS-485)-TB-P (hardware version V2.2.0) allows authenticated users to execute arbitrary shell commands in the context of the root user by providing payload in the "IP address" field of the diagnosis test tools. This issue has been resolved in firmware version 3.0.59B2024080600R4353
CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Produtos afetados
3onedata · GW1101-1D(RS-485)-TB-P

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://cert.pl/en/posts/2026/05/CVE-2025-13605