cbcvebase.
CVE-2025-34103
published 2025-07-15

CVE-2025-34103: An unauthenticated command injection vulnerability exists in WePresent WiPG-1000 firmware versions prior to 2.2.3.0, due to improper input handling in the…

PriorityP276critical9.3CVSS 4.0
AVNACLATNPRNUINVCHVIHVAHSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
EXPLOIT
EPSS
4.23%
89.8th percentile
An unauthenticated command injection vulnerability exists in WePresent WiPG-1000 firmware versions prior to 2.2.3.0, due to improper input handling in the undocumented /cgi-bin/rdfs.cgi endpoint. The Client parameter is not sanitized before being passed to a system call, allowing an unauthenticated remote attacker to execute arbitrary commands as the web server user.

Affected

1 ranges
VendorProductVersion rangeFixed in
wepresentwipg-1000< 2.2.3.02.2.3.0

Detection & IOCsextracted from sources · hover to see the quote

path/cgi-bin/rdfs.cgi
  • Monitor HTTP requests targeting the undocumented endpoint /cgi-bin/rdfs.cgi on WePresent WiPG-1000 devices; any request to this path from an unauthenticated source should be treated as suspicious.
  • Inspect the 'Client' parameter in requests to /cgi-bin/rdfs.cgi for shell metacharacters or command injection payloads; the parameter is passed unsanitized to a system call.
  • A public Metasploit module exists for this vulnerability targeting WePresent WiPG-1000 devices; correlate exploit framework signatures or known Metasploit HTTP patterns against traffic to /cgi-bin/rdfs.cgi.
  • ·Only WePresent WiPG-1000 firmware versions prior to 2.2.3.0 are vulnerable; version 2.2.3.0 patches this issue. Confirmed vulnerable version is 2.0.0.7.
  • ·The vulnerable endpoint /cgi-bin/rdfs.cgi is undocumented, meaning it may not appear in official firmware documentation or attack surface assessments, increasing the risk of it being overlooked.
  • ·Exploitation requires no authentication; any network-reachable attacker can trigger the vulnerability without credentials.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.