Primary

Context

NetVision Information airPASS OS Command Injection Vulnerability

Vulnerability

Patched

A command injection vulnerability has been identified in the airPASS application by NetVision Information, specifically in versions 2.9.0.x and 3.0.0.x. This vulnerability allows remote attackers with normal user privileges to inject and execute arbitrary operating system commands.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of operating system commands on the server where airPASS is running.

Remediation

Users of airPASS version 2.9.0.x should update to version 2.9.0.241231 or later. Users of version 3.0.0.x should update to version 3.0.0.241231 or later. Assistance can be obtained through the application's distributor or directly from the manufacturer.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

10.0

exploitability

4.9

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

10.0

exploitability

4.9

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

NetVision Information airPASS OS Command Injection Vulnerability

Vulnerability

Impact

Remediation

Affected Products

NetVision Information airPASS

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating