BEC Technologies Multiple Routers sys ping Command Injection Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability has been identified in the management interface of multiple BEC Technologies routers. This issue arises from improper validation of user-supplied input, which allows authenticated attackers to inject commands that are executed at the system level. Notably, the authentication requirement can be bypassed. The vulnerability affects routers listening on TCP port 22 by default.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the affected device.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

5.2

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

5.2

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

BEC Technologies Multiple Routers sys ping Command Injection Remote Code Execution Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating