Tcis 3 Firmware
CVE-2025-59818
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
This vulnerability allows authenticated attackers to execute arbitrary commands on the underlying system using the file name of an uploaded file.
AnalysisAI
A product has an authenticated command injection vulnerability (CVSS 10.0) allowing execution of arbitrary OS commands on the underlying system.
Technical ContextAI
CWE-77 command injection allows authenticated attackers to execute arbitrary commands on the underlying operating system.
RemediationAI
Apply vendor patches. Use parameterized commands.
More in Tcis 3 Firmware
View allCommand injection via the hostname field allowing authenticated code execution with maximum CVSS 10.0 and scope change.
This vulnerability allows authenticated attackers to execute commands via the NTP-configuration of the device. [CVSS 8.6
Same weakness CWE-77 – Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today