CVE-2025-50475 – Russound MBX-PRE-D67F OS Command Injection Vulnerability

July 31, 2025

CVE ID : CVE-2025-50475

Published : July 31, 2025, 3:15 p.m. | 8 hours, 9 minutes ago

Description : An OS command injection vulnerability exists in Russound MBX-PRE-D67F firmware version 3.1.6, allowing unauthenticated attackers to execute arbitrary commands as root via crafted input to the hostname parameter in network configuration requests. This vulnerability stems from improper neutralization of special elements used in an OS command within the network configuration handler, enabling remote code execution with the highest privileges.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-50849 – CS Cart IDOR

Next Article CVE-2025-53558 – ZTE Japan K.K. ZXHN-F660T/F660A Default Credential Vulnerability

Highlights

CVE-2025-40624 – TCMAN’s GIM SQL Injection Vulnerability

May 6, 2025

CVE ID : CVE-2025-40624

Published : May 6, 2025, 11:15 a.m. | 36 minutes ago

Description : SQL injection in TCMAN’s GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. This vulnerability was found in each of the following parameters according to the vulnerability identifier ‘User’ and “email” parameters of the ‘updatePassword’ endpoint.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Upwork Freelancers vs Dedicated React.js Teams: What’s Better for Your Project in 2025?

Is Agile dead in the age of AI?

Top 15 Enterprise Use Cases That Justify Hiring Node.js Developers in 2025

The Core Model: Start FROM The Answer, Not WITH The Solution

Finally, a sleek gaming laptop I can take to the office (without sacrificing power)

These jobs face the highest risk of AI takeover, according to Microsoft

Apple’s tariff costs and iPhone sales are soaring – how long until device prices are too?

5 ways to successfully integrate AI agents into your workplace

Enhancing Laravel Queries with Reusable Scope Patterns

Enhancing Laravel Queries with Reusable Scope Patterns

Everything We Know About Livewire 4

Everything We Know About Livewire 4

YouTube wants to use AI to treat “teens as teens and adults as adults” — with the most age-appropriate experiences and protections

YouTube wants to use AI to treat “teens as teens and adults as adults” — with the most age-appropriate experiences and protections

Sam Altman is afraid of OpenAI’s GPT-5 creation — “The Manhattan Project feels very fast, like there are no adults in the room”

9 new features that arrived on the Windows 11 Insider Program during the second half of July 2025

CVE-2025-50475 – Russound MBX-PRE-D67F OS Command Injection Vulnerability

This month in security with Tony Anscombe – July 2025 edition

WordPress AI Engine Plugin Bug Allows Remote Code Execution – Update Now

CodeSOD: Exactly a Date

Prompt Engineering 101: Master LLMs Like ChatGPT & Claude

From Infection to Access: A 24-Hour Timeline of a Modern Stealer Campaign

CVE-2025-34044 – WIFISKY 7-layer Flow Control Router Command Injection Vulnerability

CVE-2025-40624 – TCMAN’s GIM SQL Injection Vulnerability

CVE-2025-45237 – DBSyncer Unsecured Configuration File Access Vulnerability

Microsoft Replaces JScript with JScript9Legacy for Better Security in Windows 11

North Korean Hackers Target Web3 with Nim Malware and Use ClickFix in BabyShark Campaign

CVE-2025-50475 – Russound MBX-PRE-D67F OS Command Injection Vulnerability

Related Posts