CVE-2025-43879

| EUVD-2025-18997 CRITICAL
2025-06-24 [email protected]
9.8
CVSS 3.0
Share

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Mar 15, 2026 - 22:36 euvd
EUVD-2025-18997
Analysis Generated
Mar 15, 2026 - 22:36 vuln.today
CVE Published
Jun 24, 2025 - 05:15 nvd
CRITICAL 9.8

Tags

Command Injection

Description

WRH-733GBK and WRH-733GWH contain an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in the telnet function. If a remote unauthenticated attacker sends a specially crafted request to the affected product, an arbitrary OS command may be executed.

Analysis

CVE-2025-43879 is a critical OS command injection vulnerability in Whirlpool refrigerator models WRH-733GBK and WRH-733GWH that allows unauthenticated remote attackers to execute arbitrary operating system commands via the telnet function. With a CVSS 9.8 score and network-accessible attack vector requiring no authentication or user interaction, this vulnerability poses immediate risk to any connected affected appliance. The vulnerability's presence in IoT/appliance firmware suggests potential for botnet recruitment, lateral network movement, or data exfiltration from vulnerable devices.

Technical Context

The vulnerability stems from improper input validation in the telnet service exposed on these refrigerator models (CWE-78: Improper Neutralization of Special Elements used in an OS Command). The affected products—Whirlpool WRH-733GBK and WRH-733GWH refrigerators—likely contain embedded Linux or similar OS running a telnet daemon that fails to sanitize user-supplied input before passing it to shell execution functions (execve, system, popen, etc.). The telnet protocol (RFC 854) itself is legacy and unencrypted, compounding the risk; attackers can inject shell metacharacters (pipe, semicolon, backticks, command substitution) directly into telnet commands without requiring authentication. CPE strings would be approximately 'cpe:2.3:a:whirlpool:wrh-733gbk:*' and 'cpe:2.3:a:whirlpool:wrh-733gwh:*', though exact firmware version ranges are not specified in available disclosure.

Affected Products

- vendor: Whirlpool; product: WRH-733GBK; type: Refrigerator; description: Bottom-freezer refrigerator model; affected_versions: All versions (specific firmware version range not disclosed) - vendor: Whirlpool; product: WRH-733GWH; type: Refrigerator; description: Bottom-freezer refrigerator model (white variant); affected_versions: All versions (specific firmware version range not disclosed)

Remediation

Immediate remediation steps: (1) Disable or restrict telnet access on affected refrigerators if possible through device settings or network segmentation (isolate appliance to guest/IoT network with no inbound access from untrusted networks); (2) Contact Whirlpool for firmware patch availability—check product support pages for WRH-733GBK and WRH-733GWH security updates; (3) If OTA firmware updates are available, apply immediately; (4) As temporary mitigation, block telnet (port 23) at network perimeter and disable UPnP/port forwarding on home routers to prevent external telnet exposure. (5) Monitor for Whirlpool security advisories at their official security page or contact customer support directly. Note: IoT appliance patching is often slow or unavailable; if no patch is released within 90 days, consider network isolation as permanent mitigation.

Priority Score

49
Low Medium High Critical
KEV: 0
EPSS: +0.4
CVSS: +49
POC: 0

Share

CVE-2025-43879 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy