CVE-2025-34049 – OptiLink ONT1GEW Command Injection

June 26, 2025

CVE ID : CVE-2025-34049

Published : June 26, 2025, 4:15 p.m. | 51 minutes ago

Description : An OS command injection vulnerability exists in the OptiLink ONT1GEW GPON router firmware version V2.1.11_X101 Build 1127.190306 and earlier. The router’s web management interface fails to properly sanitize user input in the target_addr parameter of the formTracert and formPing administrative endpoints. An authenticated attacker can inject arbitrary operating system commands, which are executed with root privileges, leading to remote code execution. Successful exploitation enables full compromise of the device.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-36034 – IBM InfoSphere DataStage Flow Designer Information Disclosure

Next Article CVE-2025-34047 – Leadsec SSL VPN Path Traversal Vulnerability

Highlights

CVE-2024-57273 – Netgate pfSense CE Cross-Site Scripting Vulnerability

May 14, 2025

CVE ID : CVE-2024-57273

Published : May 14, 2025, 2:15 p.m. | 51 minutes ago

Description : Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plus builds is vulnerable to Cross-site scripting (XSS) in the Automatic Configuration Backup (ACB) service, allowing remote attackers to execute arbitrary JavaScript, delete backups, or leak sensitive information via an unsanitized “reason” field and a derivable device key generated from the public SSH key.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Jakarta EE 11 Platform launches with modernized Test Compatibility Kit framework

Can Good UX Protect Older Users From Digital Scams?

Warp 2.0 evolves terminal experience into an Agentic Development Environment

Qodo launches CLI agent framework

My laptop webcam wasn’t cutting it for video calls – then I discovered this accessory

The top 6 TVs ZDNET readers are buying (no. 1 has the best picture quality we’ve ever seen)

You should probably delete any sensitive screenshots you have in your phone right now. Here’s why

Can these $100 Android phones replace my flagship? The result after weeks of testing

A bot posting the Echo JS RSS feed to Bluesky

A bot posting the Echo JS RSS feed to Bluesky

Accepting Multiple Parameters in Laravel Commands

Translate Your App to Other Languages With Laravel Gemini Translator

Distribution Release: deepin 25

Distribution Release: deepin 25

SpicyPass is a lightweight password manager

Raspberry Pi 5 Desktop Mini PC: 2.5Gbps Networking

CVE-2025-34049 – OptiLink ONT1GEW Command Injection

CVE-2025-29331 – MHSanaei 3x-ui Remote Code Execution Vulnerability

CVE-2025-53002 – LLaMA-Factory is a tuning library for large langua

Laravel Simple RabbitMQ Package

From Beta to Bedrock: Build Products that Stick.

CVE-2025-6470 – Code-projects Online Bidding System SQL Injection Vulnerability

How to Change Redirect After Login/Register in Laravel Breeze

CVE-2024-57273 – Netgate pfSense CE Cross-Site Scripting Vulnerability

wger is a fitness and nutrition manager

Where to buy a Meta Quest 3S Xbox Edition — and why it’s a better bargain than the “normal” Meta Quest 3S

Kritiek path traversal-lek geeft toegang tot voip-platform Mitel MiCollab

CVE-2025-34049 – OptiLink ONT1GEW Command Injection

Related Posts