CVE-2025-22469 in CL4-6NX Plus

Summary

by MITRE • 08/06/2025

OS command injection vulnerability exists in CL4/6NX Plus and CL4/6NX-J Plus (Japan model) with the firmware versions prior to 1.15.5-r1. An arbitrary OS command may be executed on the system with a certain non-administrative user privilege.


Analysis

by VulDB Data Team • 08/06/2025

This vulnerability is a critical OS command injection flaw affecting CL4/6NX Plus and CL4/6NX-J Plus security devices running firmware versions earlier than 1.15.5-r1. It stems from insufficient input validation in the device's web interface authentication and command-processing paths: authenticated users with non-administrative privileges can inject operating system commands that the device then executes. The flaw manifests when the device fails to sanitize user-supplied parameters before incorporating them into system commands, which is exactly the pathway a command injection attack needs.

Technically, the vulnerability lies in how the device handles user credentials and administrative commands submitted through its web interface. Input from an authenticated session is processed without adequate sanitization, so an attacker can manipulate input fields to inject commands that run with the privileges of the authenticated user. This is a direct violation of secure coding practice and maps to CWE-77 (Improper Neutralization of Special Elements used in a Command). The vulnerability operates at the application layer and is reachable through ordinary web interface interactions, which makes it particularly dangerous because only minimal privileges are needed to exploit it.
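To make the CWE-77 pattern concrete, the following added example (not code from the device firmware or from VulDB; the "diagnostics page" that runs a ping for a user-supplied hostname is a hypothetical stand-in) contrasts the vulnerable construction, where a request parameter is concatenated into a shell command string, with a hardened version that validates the parameter against a strict hostname allowlist and passes it to the program as a discrete argument without a shell:

```python
"""Vulnerable vs. hardened handling of a user-supplied parameter that
ends up in an OS command. Hypothetical diagnostics endpoint; not the
CL4/6NX Plus firmware."""
import re
import subprocess

# Strict allowlist for a DNS hostname (RFC 1123 labels, dot-separated).
# Anything outside this shape is rejected before it reaches a command.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)"
    r"[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def vulnerable_build_command(host: str) -> str:
    """CWE-77 pattern: the raw parameter is spliced into a shell string.
    Returned as a string (not executed) so the defect is visible: any
    shell metacharacter in `host` becomes part of the command line."""
    return "ping -c 1 " + host


def validate_hostname(host: str) -> str:
    """Allowlist validation: raise on anything that is not a plain hostname.
    This also rejects values starting with '-', which blocks argument
    injection (e.g. an extra ping flag) as well as shell injection."""
    if not HOSTNAME_RE.fullmatch(host):
        raise ValueError(f"invalid hostname: {host!r}")
    return host


def hardened_build_command(host: str) -> list[str]:
    """Hardened form: validated value passed as one argv element.
    With an argv list and shell=False there is no shell to interpret
    metacharacters, so ';', '|', '$(...)' etc. cannot change the command."""
    return ["ping", "-c", "1", validate_hostname(host)]


def run_hardened(host: str) -> subprocess.CompletedProcess:
    """Execute the hardened command without a shell."""
    return subprocess.run(
        hardened_build_command(host),
        shell=False,
        capture_output=True,
        text=True,
        timeout=5,
    )


if __name__ == "__main__":
    print("vulnerable:", vulnerable_build_command("printer-01.example.com; id"))
    print("hardened:  ", hardened_build_command("printer-01.example.com"))
    try:
        hardened_build_command("printer-01.example.com; id")
    except ValueError as exc:
        print("rejected:  ", exc)
```

The allowlist plus argv-list approach is preferable to escaping (e.g. `shlex.quote`) because it removes the shell from the picture entirely; escaping only helps if every call site remembers to do it, and it does nothing against argument injection into the invoked program.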

The operational impact goes beyond simple privilege escalation, since arbitrary command execution can lead to complete system compromise. An attacker with non-administrative access can run arbitrary commands on the device, which may result in unauthorized data access, system modification, or full device takeover, with follow-on risks of data exfiltration, service disruption, and persistent footholds inside the network. This is especially serious for industrial security devices deployed in critical infrastructure environments, where unauthorized access can have severe operational consequences.

Mitigation must address both immediate remediation and long-term hardening. The primary recommendation is to upgrade all affected devices to firmware version 1.15.5-r1 or later, which adds proper input validation and sanitization. Organizations should also segment the network to limit which hosts can reach these devices and enforce strict, role-based access controls. Additional protective measures include web application firewalls, regular security assessments, and monitoring for unusual command execution patterns. The vulnerability also underlines the value of secure development lifecycle practices and of industry references such as the MITRE ATT&CK framework, in particular the techniques covering command and scripting interpreters and privilege escalation. Vulnerability scanning and patch management processes should be strengthened to prevent similar issues in future deployments.
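The monitoring recommendation above can be started from the web server's own access log: requests whose query parameters contain shell metacharacters after URL-decoding are a strong signal of injection attempts against an interface like this one. The following added example (not VulDB's or the vendor's tooling) scans constructed, Combined-Log-Format style lines for such parameters; the `/cgi-bin/diag` path, the `host` parameter and all IPs and usernames are invented for the illustration and are not paths or values from the affected devices:

```python
"""Flag web requests whose decoded query parameters contain shell
metacharacters. Constructed sample log; paths and values are invented."""
import re
from urllib.parse import parse_qsl, urlsplit

# Characters that change the meaning of a command line under /bin/sh.
# A newline is included because %0a is a classic separator bypass.
SHELL_META = re.compile(r"[;&|`$<>\n]")

# Combined/Common Log Format: ip ident user [ts] "METHOD target proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)

# Constructed sample: two benign requests and two injection attempts
# (URL-encoded ';id' and '$(id)' in the host parameter).
SAMPLE_LOG = """\
10.0.0.5 - operator [06/Aug/2025:10:15:01 +0000] "GET /cgi-bin/diag?host=printer-01.example.com HTTP/1.1" 200 512
10.0.0.5 - operator [06/Aug/2025:10:15:09 +0000] "GET /cgi-bin/diag?host=printer-01.example.com%3Bid HTTP/1.1" 200 640
10.0.0.7 - operator [06/Aug/2025:10:16:22 +0000] "POST /cgi-bin/login HTTP/1.1" 302 0
10.0.0.9 - operator [06/Aug/2025:10:17:45 +0000] "GET /cgi-bin/diag?host=%24%28id%29 HTTP/1.1" 200 630
"""


def suspicious_params(target: str) -> list[tuple[str, str]]:
    """Return (name, decoded value) pairs whose value carries shell
    metacharacters. parse_qsl percent-decodes, so %3B becomes ';'.
    Note: a literal unencoded '&' splits parameters before we see it,
    so encoded forms (%26) are what this check catches."""
    query = urlsplit(target).query
    return [
        (name, value)
        for name, value in parse_qsl(query, keep_blank_values=True)
        if SHELL_META.search(value)
    ]


def scan(log_text: str) -> list[dict]:
    """Parse each line and collect requests with suspicious parameters.
    Lines that do not match the log format are skipped, not trusted."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        hits = suspicious_params(m.group("target"))
        if hits:
            findings.append({
                "ip": m.group("ip"),
                "user": m.group("user"),
                "ts": m.group("ts"),
                "target": m.group("target"),
                "params": hits,
            })
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} user={f['user']} params={f['params']}")
```

POST bodies are not in the access log, so for form-based interfaces the same check has to run where the body is visible (a reverse proxy, a WAF, or the application itself); pairing these hits with process-creation events from the device, where available, turns an attempt into a confirmed execution.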

Responsible

JPCERT

Reservation

01/07/2025

Disclosure

08/06/2025

Moderation

accepted

CPE

ready

EPSS

0.01090

KEV

no

Activities

very low
