CVE-2025-34035

EnGenius EnShare IoT Gigabit Cloud Service Command Injection

Description

An OS command injection vulnerability exists in EnGenius EnShare Cloud Service version 1.4.11 and earlier. The usbinteract.cgi script fails to properly sanitize user input passed to the path parameter, allowing unauthenticated remote attackers to inject arbitrary shell commands. The injected commands are executed with root privileges, leading to full system compromise. Exploitation evidence was observed by the Shadowserver Foundation on 2024-12-05 UTC.

INFO

Published Date :

2025-06-24T01:00:23.862Z

Last Modified :

2026-04-07T14:09:10.247Z

Source :

VulnCheck

AFFECTED PRODUCTS

The following products are affected by CVE-2025-34035 vulnerability.

Vendors	Products
Engeniustech	Epg5000 Epg5000 Firmware Esr1200 Esr1200 Firmware Esr1750 Esr1750 Firmware Esr300 Esr300 Firmware Esr350 Esr350 Firmware Esr600 Esr600 Firmware Esr900 Esr900 Firmware

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-34035.

URL	Resource
https://cxsecurity.com/issue/WLB-2017060050
https://packetstormsecurity.com/files/142792
https://vulncheck.com/advisories/engenius-enshare-iot-gigabit-cloud-service
https://www.exploit-db.com/exploits/42114
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5413.php