CVE-2025-52377 – Nexxt Solutions NCM-X1800 Mesh Router Command Injection Vulnerability

July 15, 2025

CVE ID : CVE-2025-52377

Published : July 15, 2025, 3:15 p.m. | 1 hour, 19 minutes ago

Description : Command injection vulnerability in Nexxt Solutions NCM-X1800 Mesh Router versions UV1.2.7 and below, allowing authenticated attackers to execute arbitrary commands on the device. The vulnerability is present in the web management interface’s ping and traceroute functionality, specifically in the /web/um_ping_set.cgi endpoint. The application fails to properly sanitize user input in the `Ping_host_text` parameter before passing it to the underlying system command, allowing attackers to inject and execute arbitrary shell commands as the root user.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6971 – SOLIDWORKS eDrawings After Free Vulnerability

Next Article CVE-2025-48795 – Apache CXF Unencrypted Temporary File Log Exposure Denial of Service

Akka introduces platform for distributed agentic AI

Design Patterns For AI Interfaces

Amazon launches spec-driven AI IDE, Kiro

This week in AI dev tools: Gemini API Batch Mode, Amazon SageMaker AI updates, and more (July 11, 2025)

AI-powered malware eludes Microsoft Defender’s security checks 8% of the time — with just 3 months of training and “reinforcement learning” for around $1,600

7 games that are perfect for handheld gaming PCs — with my favorite Steam Deck, ROG Ally, and Legion Go titles

Windows 11 Firewall with Advanced Security flags up errors in “under development” code — but it’s nothing to worry about

Metal Gear Solid Delta: Snake Eater — How to pre-order, release dates, story, gameplay, and everything else you need to know

The details of TC39’s last meeting

The details of TC39’s last meeting

Revolutionize Your IoT Management with Total.js IoT Platform: Simplify, Monitor, and Optimize

Creating a Brand Kit in Stream: Why It Matters and How It helps Organizations

AI-powered malware eludes Microsoft Defender’s security checks 8% of the time — with just 3 months of training and “reinforcement learning” for around $1,600

AI-powered malware eludes Microsoft Defender’s security checks 8% of the time — with just 3 months of training and “reinforcement learning” for around $1,600

7 games that are perfect for handheld gaming PCs — with my favorite Steam Deck, ROG Ally, and Legion Go titles

Windows 11 Firewall with Advanced Security flags up errors in “under development” code — but it’s nothing to worry about

CVE-2025-52377 – Nexxt Solutions NCM-X1800 Mesh Router Command Injection Vulnerability

CVE-2025-5393 – WordPress Alone Charity Multipurpose Non-profit Theme Arbitrary File Deletion Vulnerability

CVE-2025-5394 – Alone – Charity Multipurpose Non-profit WordPress Theme Unauthenticated Arbitrary File Upload Vulnerability

Text-to-speech with feeling – this new AI model does everything but shed a tear

CVE-2025-46717 – “Sudo-rs Path Traversal Information Disclosure”

How to Sandbox Linux Apps with Firejail and Bubblewrap

CVE-2025-6409 – PHPGurukul Art Gallery Management System SQL Injection

CVE-2025-26780 – “Samsung Exynos Denial of Service (DoS) Vulnerability”

CVE-2025-32706 – Windows Common Log File System Driver Local Privilege Escalation Vulnerability

CVE-2025-25776 – Codeastro Bus Ticket Booking System XSS

ServiceNow AI Released Apriel-Nemotron-15b-Thinker: A Compact Yet Powerful Reasoning Model Optimized for Enterprise-Scale Deployment and Efficiency

CVE-2025-52377 – Nexxt Solutions NCM-X1800 Mesh Router Command Injection Vulnerability

Related Posts