CRITICAL🇵🇱 Wersja polska

CVE-2025-22941

CVSS 9.8v3.1pub. 2025-03-31upd. 2025-08-18

A command injection vulnerability in the web interface of Adtran 411 ONT L80.00.0011.M2 allows attackers to escalate privileges to root and execute arbitrary commands.

🤖 AI Analysis
How it works

The vulnerability (CWE-77) consists of insufficient input validation in the device's web interface, allowing an attacker to inject malicious system commands. A specially crafted HTTP request sent remotely, without any authentication, is processed by the web application in a way that enables execution of embedded commands with the privileges of the process handling the request. As a result, the attacker can escalate their privileges to root level on the vulnerable device.

Impact

The attacker gains full control of the device with root privileges, enabling configuration reading and modification, installation of malicious software, disruption of network service availability, and use of the device as an entry point to the operator's or subscriber's network.

Mitigation & patch

Apply patches available from the manufacturer according to the references. Until updates are implemented, it is recommended to restrict access to the device's web interface exclusively to trusted management networks and implement firewall rules blocking unauthorized access to the administration panel.

Who is affected

Adtran 411 ONT with firmware version L80.00.0011.M2

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Adtran 411

    HW
    Adtran
    wszystkie wersje
  • Adtran 411 Firmware

    OS
    Adtran
    l80.00.0011.m2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
LPE
CWE
References

Related vulnerabilities

CVE-2025-22937CRITICAL9.8PL ✓ten sam produkt

Privilege escalation w Adtran 411 ONT — krytyczna podatność LPE

CVE-2025-22938CRITICAL9.8PL ✓ten sam produkt

Słabe domyślne hasła w urządzeniu Adtran 411 ONT

CVE-2025-22939CRITICAL9.8PL ✓ten sam produkt

Command injection w usłudze telnet urządzeń Adtran 411 ONT — eskalacja do root

CVE-2025-22940CRITICAL9.1PL ✓ten sam produkt

Nieprawidłowa kontrola dostępu w Adtran 411 ONT — nieautoryzowana zmiana hasła administratora

CVE-2022-37661CRITICAL9.8ten sam vendor

SmartRG SR506n 2.5.15 and SR510n 2.6.13 routers are vulnerable to Remote Code Execution (RCE) via the ping hos...