CVE-2025-3705

MEDIUM

Frauscher FDS101, FDS102, and FDS-SNMP101 - OS Command Injection via USB Config File

Title source: llm

Description

A physical attacker with no privileges can gain full control of the affected device due to improper neutralization of special elements used in an OS Command ('OS Command Injection') when loading a config file from a USB drive.

References (1)

Core 1

Core References

Various Sources

https://certvde.com/en/advisories/VDE-2025-030

Scores

CVSS v3 6.8

EPSS 0.0078

EPSS Percentile 51.1%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-78

Status published

Products (3)

Frauscher/FDS-SNMP101 0.0.0 - v.2.3.9

Frauscher/FDS101 0.0.0 - v1.4.25

Frauscher/FDS102 0.0.0 - v2.13.3

Published Jul 07, 2025

Tracked Since Feb 18, 2026