CVE-2025-11045 in LQ_04
Summary
by MITRE • 09/27/2025
A vulnerability was identified in WAYOS LQ_04, LQ_05, LQ_06, LQ_07 and LQ_09 22.03.17. This affects an unknown function of the file /usb_paswd.asp. The manipulation of the argument Name leads to command injection. The attack can be initiated remotely. The exploit is publicly available and might be used.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Analysis
by VulDB Data Team • 09/27/2025
This vulnerability exists within the WAYOS LQ series of network appliances including models LQ_04, LQ_05, LQ_06, LQ_07, and LQ_09 running firmware version 22.03.17. The affected component is the /usb_paswd.asp file which processes user input through a parameter named Name. This represents a critical command injection flaw that allows remote attackers to execute arbitrary commands on the affected devices. The vulnerability stems from insufficient input validation and sanitization within the web interface, creating a pathway for malicious command execution that bypasses normal security controls. The attack vector is remotely accessible, meaning an attacker does not require physical access or local network presence to exploit this weakness. This type of vulnerability falls under CWE-77 and CWE-94 classifications, representing command injection and code injection respectively, which are fundamental security flaws that enable attackers to execute arbitrary system commands.
The operational impact of this vulnerability is severe and multifaceted. Remote command injection allows attackers to gain full administrative control over the affected network appliances, potentially enabling them to modify system configurations, extract sensitive data, install backdoors, or use the devices as entry points for further network infiltration. The public availability of exploits for this vulnerability significantly increases the risk profile, as it eliminates the need for advanced technical skills to leverage the flaw. Network administrators face the potential for complete compromise of these devices, which could serve as critical infrastructure points for network monitoring, access control, or other security functions. The affected devices may be used to launch attacks against other systems within the network, creating a potential escalation path for malicious actors.
Mitigation strategies should prioritize immediate firmware updates from the vendor to address this vulnerability, as this represents the most effective solution. Network segmentation and firewall rules should be implemented to restrict access to the affected web interface, limiting potential attack surfaces. Access controls should be strengthened through the implementation of multi-factor authentication and IP address whitelisting for administrative interfaces. Regular network monitoring should be enhanced to detect suspicious command execution patterns or unusual network traffic originating from these devices. Security teams should conduct comprehensive vulnerability assessments to identify any potential compromise of the affected systems. The use of intrusion detection systems and network behavior analysis tools can help identify exploitation attempts. Additionally, organizations should consider implementing web application firewalls to filter malicious input targeting the specific vulnerable endpoint and establish incident response procedures to address potential compromise scenarios. This vulnerability demonstrates the importance of secure coding practices and input validation in web applications, aligning with ATT&CK technique T1059.001 for command and script injection.