CVE-2025-48890 in WRH-733GBK

Summary

by MITRE • 06/24/2025

WRH-733GBK and WRH-733GWH contain an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in miniigd SOAP service. If a remote unauthenticated attacker sends a specially crafted request to the affected product, an arbitrary OS command may be executed.


Analysis

by VulDB Data Team • 06/27/2025

The vulnerability identified as CVE-2025-48890 is a critical operating system command injection flaw in the miniigd SOAP service of the WRH-733GBK and WRH-733GWH network devices. It falls under the CWE-77 category, which covers improper neutralization of special elements used in operating system commands. The affected devices are network infrastructure equipment, on which the miniigd SOAP service typically handles internet gateway device functionality and port mapping operations. The flaw lies in how the SOAP service interface processes input parameters: user-supplied data is not properly sanitized before being incorporated into system commands.

The technical exploitation of this vulnerability occurs through remote unauthenticated access to the affected network devices. An attacker can craft malicious SOAP requests containing specially formatted payloads that bypass input validation mechanisms. When the miniigd service processes these requests, it concatenates the malicious input directly into operating system commands without proper sanitization or escaping. This allows attackers to inject arbitrary commands that execute with the privileges of the affected service, typically running with elevated system permissions. The vulnerability is particularly dangerous because it requires no authentication, making it accessible to anyone who can reach the device's network interface.

The operational impact of this vulnerability extends beyond simple command execution, as it provides attackers with complete control over the affected network devices. Successful exploitation can enable attackers to modify network configurations, redirect traffic, install malicious software, or establish persistent backdoors within the network infrastructure. The compromised devices may serve as entry points for broader network infiltration, potentially allowing attackers to escalate privileges and move laterally across the network. This vulnerability directly aligns with ATT&CK technique T1059.001 for command and scripting interpreter, and T1021.001 for remote services, as it enables both local and remote command execution capabilities. The implications are particularly severe for network infrastructure devices that serve as gateways or routers, as they often control critical traffic flows and network access policies.

Mitigation strategies for CVE-2025-48890 should prioritize immediate firmware updates from manufacturers, as these typically contain patches addressing the input sanitization flaws in the SOAP service implementation. Network segmentation and access control measures should be implemented to restrict access to devices running the affected miniigd service, particularly at the network perimeter. Firewalls should be configured to block unauthorized access to SOAP service endpoints and related ports. Additionally, network monitoring should be enhanced to detect anomalous command execution patterns or unusual traffic patterns that may indicate exploitation attempts. The vulnerability highlights the importance of input validation and proper sanitization of all user-supplied data, particularly in network services that interact with operating system commands. Organizations should also implement regular security assessments and penetration testing to identify similar vulnerabilities in other network infrastructure components, as this flaw demonstrates how seemingly minor input validation issues can lead to complete system compromise.
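The input validation the mitigation paragraph calls for, as an added example that is not the vendor's firmware code and not taken from the advisory. It assumes a port-mapping request carrying the standard UPnP IGD AddPortMapping fields (protocol, external port, internal client, internal port) and an iptables DNAT rule layout; the page does not say which parameter is affected, and `build_portmap_argv` and `struct rule` are hypothetical names.

```c
/* Added example (hypothetical handler, not miniigd source).
 * Pattern the analysis describes: snprintf(cmd, n, "iptables ... %s", client);
 * system(cmd);  -- raw request text reaches a shell.
 * Hardened form: parse each field strictly, re-serialize, pass an argv to execv(). */
#include <arpa/inet.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct rule {
    char dport[24];        /* validated external port, decimal */
    char dest[48];         /* "a.b.c.d:port", rebuilt from parsed values */
    const char *argv[14];  /* NULL-terminated vector for execv(), no shell */
};

/* Accept only 1..65535 written as plain decimal digits. */
static int parse_port(const char *s, long *out) {
    char *end;
    if (!s || *s < '0' || *s > '9') return -1;   /* no sign, no whitespace */
    errno = 0;
    *out = strtol(s, &end, 10);
    if (errno || *end != '\0' || *out < 1 || *out > 65535) return -1;
    return 0;
}

/* Returns 0 and fills r->argv, or -1 if any field is rejected. */
int build_portmap_argv(const char *proto, const char *ext_port,
                       const char *client, const char *int_port, struct rule *r) {
    long ep, ip;
    struct in_addr a;
    char ipbuf[INET_ADDRSTRLEN];
    const char *p;

    if (!proto || !client) return -1;
    if (strcmp(proto, "TCP") == 0) p = "tcp";        /* allow-list, exact match */
    else if (strcmp(proto, "UDP") == 0) p = "udp";
    else return -1;
    if (parse_port(ext_port, &ep) || parse_port(int_port, &ip)) return -1;
    if (inet_pton(AF_INET, client, &a) != 1) return -1;  /* strict dotted quad */

    /* Re-serialize parsed values; the caller's raw strings never reach argv. */
    inet_ntop(AF_INET, &a, ipbuf, sizeof ipbuf);
    snprintf(r->dport, sizeof r->dport, "%ld", ep);
    snprintf(r->dest, sizeof r->dest, "%s:%ld", ipbuf, ip);
    const char *v[] = { "iptables", "-t", "nat", "-A", "PREROUTING", "-p", p,
                        "--dport", r->dport, "-j", "DNAT",
                        "--to-destination", r->dest, NULL };
    memcpy(r->argv, v, sizeof v);
    return 0;
}
```

A caller would hand `r->argv` to `execv()` in a forked child; a rejected request should be logged with its source address, which gives the network monitoring described above a concrete signal.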

Responsible: Jpcert

Reservation: 06/17/2025

Disclosure: 06/24/2025

Moderation: accepted

CPE: ready

EPSS: 0.02628

KEV: no

Activities: very low
