CVE-2025-1038

The “Diagnostics Tools” page of the web-based configuration utility does not properly validate user-controlled input, allowing an authenticated user with high privileges to inject commands into the command shell of the TropOS 4th Gen device. The injected commands can be exploited to execute sever...

CVE-2025-1037

By making minor configuration changes to the TropOS 4th Gen device, an authenticated user with the ability to run user level shell commands can enable access via secure shell SSH to an unrestricted root shell. This is possible through abuse of a particular set of scripts and executables that allo...

CVE-2025-1038

The “Diagnostics Tools” page of the web-based configuration utility does not properly validate user-controlled input, allowing an authenticated user with high privileges to inject commands into the command shell of the TropOS 4th Gen device. The injected commands can be exploited to execute sever...

PT-2025-44152

Name of the Vulnerable Software and Affected Versions TropOS 4th Gen affected versions not specified Description A command injection vulnerability exists in the “Logging” page of the web-based configuration utility. An authenticated user with low privileged network access for the configuration...

PT-2025-44154

Name of the Vulnerable Software and Affected Versions TropOS 4th Gen affected versions not specified Description The “Diagnostics Tools” page within the web-based configuration utility does not adequately validate user-supplied input. This allows a user with high-level authentication to inject...