CVE-2026-25196
HIGHCVSS Vector
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
2Description
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the Wi-Fi SSID and/or password fields can lead to remote code execution when the configuration is processed.
Analysis
Remote code execution in XWEB Pro firmware (versions 1.12.1 and earlier) allows authenticated attackers to execute arbitrary OS commands by injecting malicious payloads into Wi-Fi SSID or password configuration fields. The vulnerability affects multiple Xweb Pro models (300d, 500b, 500d) and requires high privilege access to exploit, though successful exploitation grants complete system compromise across the network. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all XWEB Pro deployments and identify systems running version 1.12.1 or earlier; restrict administrative access to XWEB Pro to essential personnel only. Within 7 days: Implement network segmentation to isolate XWEB Pro systems from critical assets; enable comprehensive logging and monitoring of XWEB Pro configuration changes. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today