Easywall Command Injection Vulnerability Leading to Remote Command Execution

Vulnerability

A command injection vulnerability has been identified in Easywall version 0.3.1, allowing authenticated users to execute arbitrary commands on the server via the '/ports-save' endpoint. The vulnerability arises from improper handling of command delimiters, enabling the injection of shell metacharacters.

Impact

Exploitation of this vulnerability allows for authenticated remote command execution on the server.

Reproduction

To reproduce this vulnerability, log into the application with valid credentials. Once authenticated, send a POST request to the '/ports-save' endpoint with injected shell metacharacters in the 'port' parameter. This injection exploits the command execution flaw by appending a reverse shell command. After the payload is sent, trigger the execution by posting to the '/apply-save' endpoint. If successful, a reverse shell will be established.
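A mitigation sketch for the 'port' parameter described above, as an added example that is not Easywall's own code: allowlist-parse each submitted value and hand the firewall command to the OS as an argument list, so no shell ever interprets it. The entry format (`<port>` or `<start>:<end>`, optional `/tcp` or `/udp`), the `INPUT` chain and all function names are assumptions made for illustration.

```python
import re

# Assumed entry format (not taken from Easywall's code): "<port>" or
# "<start>:<end>", optionally followed by "/tcp" or "/udp".
_PORT_RULE = re.compile(r"([0-9]{1,5})(?::([0-9]{1,5}))?(?:/(tcp|udp))?")


def parse_port_rule(value):
    """Return (proto, start, end) or raise ValueError. Nothing else passes."""
    if not isinstance(value, str):
        raise ValueError("port rule must be a string")
    # fullmatch, not match()/search() with "$": "$" also matches before a
    # trailing newline, which would let "80\n" through.
    m = _PORT_RULE.fullmatch(value)
    if m is None:
        raise ValueError("rejected port rule: %r" % value)
    start = int(m.group(1))
    end = int(m.group(2)) if m.group(2) else start
    proto = m.group(3) or "tcp"
    if not (1 <= start <= end <= 65535):
        raise ValueError("port out of range: %r" % value)
    return proto, start, end


def iptables_argv(value, chain="INPUT"):
    """Build an argument vector for subprocess.run(argv) with shell=False."""
    proto, start, end = parse_port_rule(value)
    dport = str(start) if start == end else "%d:%d" % (start, end)
    # Every element is one argv entry; no shell ever parses the string.
    return ["iptables", "-A", chain, "-p", proto, "--dport", dport, "-j", "ACCEPT"]


def filter_submitted(values):
    """Split a submitted list into (accepted argv lists, rejected raw values)."""
    accepted, rejected = [], []
    for v in values:
        try:
            accepted.append(iptables_argv(v))
        except ValueError:
            rejected.append(v)  # log these: a metacharacter here is a signal
    return accepted, rejected


# Constructed sample input, not captured traffic.
SAMPLE = ["443", "1000:2000/udp", "80;id", "22\n", "$(id)", "70000", "53/udp && id"]

if __name__ == "__main__":
    ok, bad = filter_submitted(SAMPLE)
    print(len(ok), "accepted;", "rejected:", bad)
```

Validation belongs at save time and again where the stored value is turned into a firewall command, since the reproduction shows the value is written by one request and executed by a later one.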

Added: Dec 4, 2025, 9:31 PM
Updated: Dec 4, 2025, 9:31 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 6.6
remediation: 0.0
relevance: 1.2
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.