CVE-2025-0680 New Rock Technologies Cloud Connected Devices has a Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability.

🗓️ 30 Jan 2025 18:50:10Reported by icscertType

Vulnerability in New Rock Technologies devices allows OS command injection for remote control.

Reporter	Title	Published	Views	Family All 9
GithubExploit	Exploit for CVE-2025-0680	22 May 202613:18	–	githubexploit
Circl	CVE-2025-0680	30 Jan 202511:00	–	circl
CNNVD	New Rock Cloud Connected Devices 操作系统命令注入漏洞	30 Jan 202500:00	–	cnnvd
CVE	CVE-2025-0680	30 Jan 202518:50	–	cve
EUVD	EUVD-2025-1812	3 Oct 202520:07	–	euvd
ICS	New Rock Technologies Cloud Connected Devices	30 Jan 202507:00	–	ics
NVD	CVE-2025-0680	30 Jan 202519:15	–	nvd
Positive Technologies	PT-2025-3999 · Unknown · Device Cloud	30 Jan 202500:00	–	ptsecurity
Vulnrichment	CVE-2025-0680 New Rock Technologies Cloud Connected Devices has a Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability.	30 Jan 202518:50	–	vulnrichment

[
  {
    "defaultStatus": "unaffected",
    "product": "OM500 IP-PBX",
    "vendor": "New Rock Technologies",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MX8G VoIP Gateway",
    "vendor": "New Rock Technologies",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "NRP1302/P Desktop IP Phone",
    "vendor": "New Rock Technologies",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  }
]

Source	Link
cisa	www.cisa.gov/news-events/ics-advisories/icsa-25-030-02
newrocktech	www.newrocktech.com/ContactUs/index.html

30 Jan 2025 18:50Current

CVSS 49.3

CVSS 3.19.8

EPSS0.00807

CWE-78