CVE-2025-34103
published 2025-07-15CVE-2025-34103: An unauthenticated command injection vulnerability exists in WePresent WiPG-1000 firmware versions prior to 2.2.3.0, due to improper input handling in the…
PriorityP276critical9.3CVSS 4.0
AVNACLATNPRNUINVCHVIHVAHSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
EXPLOIT
EPSS
4.23%
89.8th percentile
An unauthenticated command injection vulnerability exists in WePresent WiPG-1000 firmware versions prior to 2.2.3.0, due to improper input handling in the undocumented /cgi-bin/rdfs.cgi endpoint. The Client parameter is not sanitized before being passed to a system call, allowing an unauthenticated remote attacker to execute arbitrary commands as the web server user.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wepresent | wipg-1000 | < 2.2.3.0 | 2.2.3.0 |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor HTTP requests targeting the undocumented endpoint /cgi-bin/rdfs.cgi on WePresent WiPG-1000 devices; any request to this path from an unauthenticated source should be treated as suspicious. ↗
- →Inspect the 'Client' parameter in requests to /cgi-bin/rdfs.cgi for shell metacharacters or command injection payloads; the parameter is passed unsanitized to a system call. ↗
- →A public Metasploit module exists for this vulnerability targeting WePresent WiPG-1000 devices; correlate exploit framework signatures or known Metasploit HTTP patterns against traffic to /cgi-bin/rdfs.cgi. ↗
- ·Only WePresent WiPG-1000 firmware versions prior to 2.2.3.0 are vulnerable; version 2.2.3.0 patches this issue. Confirmed vulnerable version is 2.0.0.7. ↗
- ·The vulnerable endpoint /cgi-bin/rdfs.cgi is undocumented, meaning it may not appear in official firmware documentation or attack surface assessments, increasing the risk of it being overlooked. ↗
- ·Exploitation requires no authentication; any network-reachable attacker can trigger the vulnerability without credentials. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/wipg1000_cmd_injection.rbhttps://www.exploit-db.com/exploits/41935https://www.redguard.ch/advisories/wepresent-wipg1000.txthttps://www.vulncheck.com/advisories/we-present-wi-pg-1000-unauthenticated-command-injection
2025-07-15
Published