Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
For u-link Management API an unauthenticated remote attacker in a man-in-the-middle position can inject arbitrary commands in responses returned by WWH servers, which are then executed with elevated privileges. To get into such a position, clients would need to use insecure proxy configurations.
AnalysisAI
Critical command injection vulnerability in u-link Management API that allows unauthenticated remote attackers positioned as man-in-the-middle (MITM) to inject arbitrary commands into WWH server responses, which are then executed with elevated privileges. The vulnerability requires clients to use insecure proxy configurations to exploit, resulting in complete system compromise (CVSS 9.8). While no public POC or KEV listing is available at publication, the attack vector is network-based with low complexity, making this a significant priority for organizations using u-link with proxy infrastructure.
Technical ContextAI
This vulnerability stems from CWE-78 (Improper Neutralization of Special Elements used in an OS Command), indicating insufficient input validation in the u-link Management API when processing responses from WWH (likely 'Web/Worker Host') servers. The flaw exists in the API's command execution mechanism—when a client receives a response from a WWH server, the API fails to properly sanitize or validate the response content before passing it to OS command execution functions. The vulnerability is exacerbated by insecure proxy configurations that do not employ transport layer encryption (TLS/SSL), allowing MITM attackers to intercept and modify server responses in transit. The elevated privilege execution context suggests the u-link service runs with administrative or system-level permissions, amplifying the impact of injected commands.
RemediationAI
- Immediate: Enforce encrypted proxy configurations (HTTPS, TLS 1.2+) with certificate pinning where possible to prevent MITM response injection. 2) Short-term: Implement input validation and output encoding in u-link API to sanitize all data from WWH server responses before OS command execution; use parameterized commands or allowlists. 3) Patching: Monitor u-link vendor advisories for security patches addressing CWE-78 remediation. Apply patches to all affected versions immediately upon release. 4) Architectural: Transition from HTTP to HTTPS for all internal API communication; implement mutual TLS (mTLS) authentication between u-link clients and WWH servers. 5) Detection: Deploy network monitoring to detect suspicious command patterns in API responses or proxy traffic anomalies. No specific patch version or vendor advisory URL is available in the provided data—contact u-link vendor support for remediation timeline.
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-18088