CVE-2025-6103 | Wifi-soft UniBox Controller up to 20250506 test_accesscodelogin.php Password os command injection

A vulnerability, which was classified as critical, has been found in Wifi-soft UniBox Controller up to 20250506. Affected by this issue is some unknown functionality of the file /billing/test_accesscodelogin.php. The manipulation of the argument Password leads to os command injection.

This vulnerability is handled as CVE-2025-6103. The attack may be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-6103 | Wifi-soft UniBox Controller up to 20250506 test_accesscodelogin.php Password os command injection

Post correlati

CVE-2024-13030 | D-Link DIR-823G 1.0.2B05_20181207 Web Management Interface /HNAP1/ access control

CVE-2024-49038 | Microsoft Copilot Studio cross site scripting

CVE-2023-45483 | Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn compare_parentcontrol_time stack-based overflow

CVE-2023-45171 | IBM AIX/VIOS Kernel denial of service