← back
CVE-2025-58116

CVE-2025-58116

CVSS 8.6 HIGHEPSS 1.1%CWE-78
In short

A flaw in WN-7D36QR and WN-7D36QR/UE devices allows a logged-in user to run any command on the system by injecting malicious OS commands. This could let an attacker take full control of the device.

Technical detail

OS command injection vulnerability in WN-7D36QR/WN-7D36QR/UE due to improper sanitization of user-supplied input in OS command construction. Requires prior authentication; attacker can execute arbitrary system commands with device privileges, potentially leading to complete system compromise.

Summary generated and translated by AI from the official description.
Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in WN-7D36QR and WN-7D36QR/UE. If this vulnerability is exploited, an arbitrary OS command may be executed by a remote authenticated attacker.
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
I-O DATA DEVICE, INC. · WN-7D36QRI-O DATA DEVICE, INC. · WN-7D36QR/UE

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://jvn.jp/en/vu/JVNVU97490987/https://www.iodata.jp/support/information/2025/09_wn-7d36qr/index.htm