CVE-2025-34103
WePresent WiPG-1000 Unauthenticated Command Injection via rdfs.cgi
Vexday Risk Score
63 (High priority)
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS 9.3 | EPSS 4.2% | KEV: no | PoC: public | Nuclei: — | Metasploit: yes | Patch: —
Lifecycle
20 Apr 2017: Metasploit module available
15 Jul 2025: Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
An unauthenticated command injection vulnerability exists in WePresent WiPG-1000 firmware versions prior to 2.2.3.0, due to improper input handling in the undocumented /cgi-bin/rdfs.cgi endpoint. The Client parameter is not sanitized before being passed to a system call, allowing an unauthenticated remote attacker to execute arbitrary commands as the web server user.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
WePresent (Barco) · WiPG-1000
Public PoCs found: 2
cve_reference: raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/wipg1000_cmd_injection.rb (unverified)
cve_reference: www.exploit-db.com/exploits/41935 (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/wipg1000_cmd_injection.rb
https://www.exploit-db.com/exploits/41935
https://www.redguard.ch/advisories/wepresent-wipg1000.txt
https://www.vulncheck.com/advisories/we-present-wi-pg-1000-unauthenticated-command-injection