VULNERABILITY DESCRIPTION
Un-/Collapse All
This chapter describes all vulnerabilities (CVE-IDs) addressed in this security advisory.
Wherever applicable, it also documents the product-specific impact of the individual vulnerabilities.
Vulnerability CVE-2025-27392
Affected devices do not properly sanitize user input when creating new VXLAN configurations.
This could allow an authenticated highly-privileged remote attacker to execute arbitrary code on the device.
CVSS v3.1 Base Score
7.2
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CVSS v4.0 Base Score
8.6
CVSS v4.0 Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Vulnerability CVE-2025-27393
Affected devices do not properly sanitize user input when creating new users.
This could allow an authenticated highly-privileged remote attacker to execute arbitrary code on the device.
CVSS v3.1 Base Score
7.2
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CVSS v4.0 Base Score
8.6
CVSS v4.0 Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Vulnerability CVE-2025-27394
Affected devices do not properly sanitize user input when creating new SNMP users.
This could allow an authenticated highly-privileged remote attacker to execute arbitrary code on the device.
CVSS v3.1 Base Score
7.2
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CVSS v4.0 Base Score
8.6
CVSS v4.0 Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Vulnerability CVE-2025-27395
Affected devices do not properly limit the scope of files accessible through and the privileges of the SFTP functionality.
This could allow an authenticated highly-privileged remote attacker to read and write arbitrary files.
CVSS v3.1 Base Score
7.2
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CVSS v4.0 Base Score
8.6
CVSS v4.0 Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Vulnerability CVE-2025-27396
Affected devices do not properly limit the elevation of privileges required to perform certain valid functionality.
This could allow an authenticated lowly-privileged remote attacker to escalate their privileges.
CVSS v3.1 Base Score
8.8
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CVSS v4.0 Base Score
8.7
CVSS v4.0 Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE
CWE-273: Improper Check for Dropped Privileges
Vulnerability CVE-2025-27397
Affected devices do not properly limit user controlled paths to which logs are written and from where they are read.
This could allow an authenticated highly-privileged remote attacker to read and write arbitrary files in the filesystem, if and only if the malicious path ends with 'log' .
CVSS v3.1 Base Score
3.8
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
CVSS v4.0 Base Score
5.1
CVSS v4.0 Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
CWE
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Vulnerability CVE-2025-27398
Affected devices do not properly neutralize special characters when interpreting user controlled log paths.
This could allow an authenticated highly-privileged remote attacker to execute a limited set of binaries that are already present on the filesystem.
CVSS v3.1 Base Score
2.7
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
CVSS v4.0 Base Score
2.1
CVSS v4.0 Vector
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
CWE
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')