CVE-2025-11045: Command Injection in WAYOS LQ_04
A vulnerability was identified in WAYOS LQ_04, LQ_05, LQ_06, LQ_07 and LQ_09 22.03.17. This affects an unknown function of the file /usb_paswd.asp. The manipulation of the argument Name leads to command injection. The attack can be initiated remotely. The exploit is publicly available and might be used.
AI Analysis
Technical Summary
CVE-2025-11045 is a command injection vulnerability affecting WAYOS products LQ_04, LQ_05, LQ_06, LQ_07, and LQ_09 at version 22.03.17. The vulnerability resides in an unspecified function within the /usb_paswd.asp file, where manipulation of the 'Name' argument allows an attacker to inject arbitrary commands. This flaw can be exploited remotely without requiring authentication or user interaction, as indicated by the CVSS vector (AV:N/AC:L/AT:N/PR:N/UI:N). The vulnerability impacts confidentiality, integrity, and availability to a limited extent (VC:L/VI:L/VA:L), suggesting that successful exploitation could lead to partial compromise of system data and functionality. Exploit code is publicly available, which increases the risk of exploitation, although no exploitation in the wild has been reported yet. The vulnerability has a CVSS 4.0 base score of 6.9, which is medium severity. The attack surface is network-exposed, and the affected products are network devices or software from WAYOS, which is known for network operating systems and routing solutions. The lack of patches or mitigation links in the provided data indicates that remediation may not yet be publicly available, which increases the urgency for affected organizations to implement compensating controls.
Potential Impact
For European organizations, the impact of CVE-2025-11045 could be significant, especially for those relying on WAYOS LQ series devices in their network infrastructure. Successful exploitation could allow remote attackers to execute arbitrary commands on affected devices, potentially leading to unauthorized access, data leakage, disruption of network services, or pivoting within internal networks. This could compromise the confidentiality of sensitive communications, integrity of network configurations, and availability of critical network functions. Given the remote and unauthenticated nature of the exploit, attackers could leverage this vulnerability to establish persistent footholds or disrupt operations without insider access. Organizations in sectors such as telecommunications, critical infrastructure, finance, and government, which often deploy specialized network equipment, may face increased risk. The presence of publicly available exploit code further elevates the threat landscape, necessitating prompt attention to prevent exploitation attempts that could lead to service outages or data breaches.
Mitigation Recommendations
Since no official patches or updates are currently referenced, European organizations should take immediate steps to mitigate risk. First, they should conduct an inventory to identify all WAYOS LQ series devices running version 22.03.17 or related vulnerable versions. Network segmentation should be enforced to isolate these devices from untrusted networks and limit administrative access. Implement strict firewall rules to restrict access to management interfaces, especially blocking access to the /usb_paswd.asp endpoint from external or untrusted sources. Employ intrusion detection and prevention systems (IDS/IPS) to monitor for suspicious command injection patterns or exploit attempts targeting these devices. Regularly review device logs for anomalous activity. Where possible, disable or restrict the vulnerable functionality if it is not essential. Engage with WAYOS or authorized vendors to obtain security advisories or patches as they become available. Additionally, consider deploying compensating controls such as network behavior anomaly detection and multi-factor authentication for device management to reduce exploitation likelihood.
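One way to run the log review and injection-pattern monitoring recommended above, as an added example that is not code from the original page or from the vendor. It assumes requests to the device web interface are logged in combined log format by a proxy or sensor in front of it, that the Name argument is visible in the query string, and that 10.20.0.0/24 is the management subnet; TRUSTED_NETS, classify and scan are hypothetical names and the log lines are constructed.

```python
import re
from ipaddress import ip_address, ip_network
from urllib.parse import parse_qsl, urlsplit

ENDPOINT = "/usb_paswd.asp"                    # file named in the advisory
TRUSTED_NETS = [ip_network("10.20.0.0/24")]    # assumption: management subnet
# Shell metacharacters that a plain name field has no reason to contain.
SHELL_META = re.compile(r"[;&|`$<>(){}\\\n\r]")
# Assumption: combined log format, e.g. from a reverse proxy in front of the device.
LINE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" \d{3}')

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '10.20.0.15 - - [26/Sep/2025:10:00:01 +0000] "GET /usb_paswd.asp?Name=backup_disk HTTP/1.1" 200 512',
    '203.0.113.7 - - [26/Sep/2025:10:02:13 +0000] "GET /usb_paswd.asp?Name=usb%3Btest HTTP/1.1" 200 512',
    '10.20.0.15 - - [26/Sep/2025:10:03:40 +0000] "GET /index.asp HTTP/1.1" 200 2048',
    '198.51.100.9 - - [26/Sep/2025:10:05:02 +0000] "GET /usb_paswd.asp?Name=media HTTP/1.1" 200 512',
]

def classify(line):
    """Return (source, reasons) for a request to ENDPOINT, or None for other lines."""
    m = LINE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    if url.path.lower() != ENDPOINT:
        return None
    reasons = []
    try:
        trusted = any(ip_address(m["src"]) in net for net in TRUSTED_NETS)
    except ValueError:          # hostname or garbage in the source field
        trusted = False
    if not trusted:
        reasons.append("untrusted-source")
    # parse_qsl percent-decodes, so encoded metacharacters are caught too.
    for key, value in parse_qsl(url.query, keep_blank_values=True):
        if key.lower() == "name" and SHELL_META.search(value):
            reasons.append("shell-metachar-in-Name")
    return m["src"], reasons

def scan(lines):
    """Return only the endpoint requests that have at least one reason attached."""
    hits = (classify(line) for line in lines)
    return [hit for hit in hits if hit and hit[1]]

if __name__ == "__main__":
    for src, reasons in scan(SAMPLE_LOG):
        print(src, ",".join(reasons))
```

If the argument is sent in a request body, access logs will not show it, and the same check has to run where bodies are inspected, such as an IDS/IPS rule.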
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-09-26T09:28:45.441Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68d6fa2b4787b50b9b4329bf
Added to database: 9/26/2025, 8:40:11 PM
Last enriched: 10/4/2025, 12:38:40 AM
Last updated: 11/12/2025, 5:08:06 AM