CVE-2025-11045

A vulnerability was identified in WAYOS LQ_04, LQ_05, LQ_06, LQ_07 and LQ_09 22.03.17. This affects an unknown function of the file /usb_paswd.asp. The manipulation of the argument Name leads to command injection. The attack can be initiated remotely. The exploit is publicly available and might be used.
Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.3 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
VulDBCNA
7.3 HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Common Weakness Enumeration
References
https://vuldb.com/?ctiid.326082
https://vuldb.com/?id.326082
https://vuldb.com/?submit.658913
https://vuldb.com/?submit.661153
https://vuldb.com/?submit.661168
https://vuldb.com/?submit.661177
https://vuldb.com/?submit.661178
https://www.yuque.com/yuqueyonghuexlgkz/zepczx/ogyduynf84q89x99?singleDoc
https://www.yuque.com/yuqueyonghuexlgkz/zepczx/py3shgm1z88g9xp2?singleDoc