Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-52379

Nexxt Solutions NCM-X1800 Mesh Router firmware UV1.2.7 and below contains an authenticated command injection vulnerability in the firmware update feature. The /web/um_fileName_set.cgi and /web/um_web_upgrade.cgi endpoints fail to properly sanitize the upgradeFileName parameter, allowing authenticated attackers to execute arbitrary OS commands on the device, resulting in remote code execution.

Published

2025-07-15T15:15:25.227

Last Modified

2025-07-15T20:07:28.023

Status

Awaiting Analysis

Source

[email protected]

Severity

CVSSv3.1: 5.4 (MEDIUM)

Weaknesses

Type: Secondary
CWE-78

Affected Vendors & Products

References

https://github.com/Vagebondcur/nexxt-solutions-NCM-X1800-exploits ([email protected])
https://github.com/Vagebondcur/nexxt-solutions-NCM-X1800-exploits/blob/main/CVE-2025-52379/writeup.md ([email protected])