Description
A critical OS Command Injection vulnerability has been identified in the FAST LTA Silent Brick WebUI, allowing remote attackers to execute arbitrary operating system commands via specially crafted input. This vulnerability arises due to improper handling of untrusted input, which is passed directly to system-level commands without adequate sanitization or validation. Successful exploitation could allow attackers to execute arbitrary commands on the affected system, potentially resulting in unauthorized access, data leakage, or full system compromise. Affected WebUI parameters are "hd" and "pi".
References (1)
Core 1
Core References
Various Sources release-notes
https://www.fast-lta.de/de/fast/silent-bricks-software-2-63
Scores
CVSS v4
10.0
EPSS
0.0127
EPSS Percentile
66.0%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:N/R:X/V:X/RE:M/U:Amber
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-78
Status
published
Products (1)
FAST LTA/FAST LTA Silent Brick WebUI
WebUI Release 2.45 (Linux 5.4.109-gentoo-FAST) - 2.63.04
Published
Mar 31, 2025
Tracked Since
Feb 18, 2026