CRITICAL🇵🇱 Wersja polska

CVE-2025-22939

CVSS 9.8v3.1pub. 2025-03-31upd. 2025-08-18

A command injection vulnerability in the telnet service of Adtran 411 ONT L80.00.0011.M2 allows attackers to escalate privileges to root and execute arbitrary commands.

🤖 AI Analysis
How it works

The telnet service running on the Adtran 411 ONT device does not properly filter user-supplied input data, leading to a command injection vulnerability (CWE-77). An attacker can send crafted data containing malicious system commands that will be executed by the device in a privileged context. Exploitation of this vulnerability allows privilege escalation to root level without requiring any credentials.

Impact

An attacker gains full control of the device with root privileges, enabling execution of arbitrary system commands, modification of configuration, and potential further actions in the operator's or client's network.

Mitigation & patch

Patches available from the manufacturer should be applied according to references. As an immediate protective measure, it is recommended to disable or block access to the telnet service on the device and restrict network access to the management interface only to trusted hosts.

Who is affected

Adtran 411 ONT with firmware version L80.00.0011.M2

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Adtran 411

    HW
    Adtran
    wszystkie wersje
  • Adtran 411 Firmware

    OS
    Adtran
    l80.00.0011.m2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
LPE
CWE
References

Related vulnerabilities

CVE-2025-22937CRITICAL9.8PL ✓ten sam produkt

Privilege escalation w Adtran 411 ONT — krytyczna podatność LPE

CVE-2025-22938CRITICAL9.8PL ✓ten sam produkt

Słabe domyślne hasła w urządzeniu Adtran 411 ONT

CVE-2025-22940CRITICAL9.1PL ✓ten sam produkt

Nieprawidłowa kontrola dostępu w Adtran 411 ONT — nieautoryzowana zmiana hasła administratora

CVE-2025-22941CRITICAL9.8PL ✓ten sam produkt

Command injection w interfejsie webowym Adtran 411 ONT — eskalacja do root

CVE-2022-37661CRITICAL9.8ten sam vendor

SmartRG SR506n 2.5.15 and SR510n 2.6.13 routers are vulnerable to Remote Code Execution (RCE) via the ping hos...