CVE-2025-52361

Insecure permissions in the script /etc/init.d/lighttpd in AK-Nord USB-Server-LXL Firmware v0.0.16 Build 2023-03-13 allows a locally authenticated low-privilege user to execute arbitrary commands with root privilege via editing this script which is executed with root-privileges on any interaction and on every system boot.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
mitreCNA
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
References
https://seclists.org/fulldisclosure/2025/Jul/20
https://www.ak-nord.de/usbserver-usb--usb-converter--usb-auf-ethernet--usb-to-ethernet--usb-auf-lan--usb-server--usb-konverter--print-server-80.html