Skip to main content

PowerStick Wave CVE-2025-29534

HIGH
OS Command Injection (CWE-78)
2025-07-28 cve@mitre.org
8.8
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
8.8 HIGH

Network-reachable CGI requiring valid low-privilege login (PR:L) with low complexity; command injection runs as root, giving full C/I/A impact with no scope change.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (mitre).

CVSS VectorVendor: mitre

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
Analysis Generated
Jul 05, 2026 - 01:59 vuln.today

DescriptionCVE.org

An authenticated remote code execution vulnerability in PowerStick Wave Dual-Band Wifi Extender V1.0 allows an attacker with valid credentials to execute arbitrary commands with root privileges. The issue stems from insufficient sanitization of user-supplied input in the /cgi-bin/cgi_vista.cgi executable, which is passed to a system-level function call.

AnalysisAI

Authenticated OS command injection in the PowerStick Wave Dual-Band Wifi Extender V1.0 lets a user with valid credentials run arbitrary commands as root via the /cgi-bin/cgi_vista.cgi endpoint. Because the device firmware runs its web management logic with root privileges, successful exploitation yields complete takeover of the extender. The single NVD reference is a public researcher gist that very likely contains proof-of-concept detail, though the flaw is not listed in CISA KEV and EPSS risk is modest (0.66%, 47th percentile).

Technical ContextAI

The affected component is the embedded web management interface of a consumer dual-band Wi-Fi range extender, implemented as CGI binaries under /cgi-bin/. The specific executable cgi_vista.cgi takes user-supplied parameters and passes them into a system-level call (e.g. system()/popen()/exec of a shell) without adequate sanitization or escaping. This is a classic CWE-78 (Improper Neutralization of Special Elements used in an OS Command) issue: shell metacharacters such as ;, |, `, and $() in the tainted input are interpreted by the underlying shell rather than treated as literal data. As is typical for SOHO networking firmware, the CGI process executes as root, so any injected command inherits full root privileges on the device.

Affected ProductsAI

The vulnerability affects the PowerStick Wave Dual-Band Wifi Extender at firmware/hardware version V1.0, specifically the web management binary /cgi-bin/cgi_vista.cgi. No CPE string was provided in the input, so the affected configuration is derived solely from the CVE description; other firmware revisions or hardware variants are not confirmed affected or unaffected from the available data. The only reference supplied is a public gist (https://gist.github.com/EmptyButter/19b2c626f4589d1f9d4478632205a9eb); no official vendor advisory URL was provided.

RemediationAI

No vendor-released patch identified at time of analysis, and no fix version is present in the input data, so a firmware upgrade cannot be cited. As compensating controls: change any default/weak administrative credentials immediately since exploitation requires an authenticated session, which raises the barrier when credentials are strong and unique; restrict access to the extender's web management interface (typically HTTP on the LAN IP) to a trusted management VLAN or specific admin host via network segmentation, accepting the trade-off that legitimate remote administration becomes less convenient; disable any remote/WAN-side management if the device exposes it; and monitor the device's LAN for unexpected outbound connections that could indicate post-exploitation. Where feasible, consider retiring or replacing the device given the absence of a confirmed patch. Consult the referenced gist for technical detail, but treat it as researcher material rather than a vendor advisory.

Share

CVE-2025-29534 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy