CVE-2025-34049: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in OptiLink ONT1GEW GPON
An OS command injection vulnerability exists in the OptiLink ONT1GEW GPON router firmware version V2.1.11_X101 Build 1127.190306 and earlier. The router’s web management interface fails to properly sanitize user input in the target_addr parameter of the formTracert and formPing administrative endpoints. An authenticated attacker can inject arbitrary operating system commands, which are executed with root privileges, leading to remote code execution. Successful exploitation enables full compromise of the device. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-04 UTC.
AI Analysis
Technical Summary
This vulnerability involves improper neutralization of special elements in OS commands (CWE-78) within the OptiLink ONT1GEW GPON router firmware. Specifically, the web management interface fails to sanitize the target_addr parameter in the formTracert and formPing endpoints, allowing an authenticated attacker to inject arbitrary OS commands. These commands execute with root privileges, enabling remote code execution and full device compromise. The firmware versions affected include V2.1.11_X101 Build 1127.190306 and earlier. The vulnerability was publicly disclosed and exploitation evidence was observed in early 2025. No patch or vendor advisory detailing remediation is currently available.
Potential Impact
Successful exploitation allows an authenticated attacker to execute arbitrary operating system commands with root privileges on the affected device. This leads to full compromise of the OptiLink ONT1GEW GPON router, potentially allowing control over the device and its network functions. The vulnerability is critical with a CVSS 4.0 score of 9.4. There is no indication of known exploits in the wild beyond the observed exploitation evidence.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict access to the router’s web management interface to trusted administrators only and monitor for unauthorized access attempts. Avoid using affected firmware versions where possible.
CVE-2025-34049: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in OptiLink ONT1GEW GPON
Description
An OS command injection vulnerability exists in the OptiLink ONT1GEW GPON router firmware version V2.1.11_X101 Build 1127.190306 and earlier. The router’s web management interface fails to properly sanitize user input in the target_addr parameter of the formTracert and formPing administrative endpoints. An authenticated attacker can inject arbitrary operating system commands, which are executed with root privileges, leading to remote code execution. Successful exploitation enables full compromise of the device. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-04 UTC.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability involves improper neutralization of special elements in OS commands (CWE-78) within the OptiLink ONT1GEW GPON router firmware. Specifically, the web management interface fails to sanitize the target_addr parameter in the formTracert and formPing endpoints, allowing an authenticated attacker to inject arbitrary OS commands. These commands execute with root privileges, enabling remote code execution and full device compromise. The firmware versions affected include V2.1.11_X101 Build 1127.190306 and earlier. The vulnerability was publicly disclosed and exploitation evidence was observed in early 2025. No patch or vendor advisory detailing remediation is currently available.
Potential Impact
Successful exploitation allows an authenticated attacker to execute arbitrary operating system commands with root privileges on the affected device. This leads to full compromise of the OptiLink ONT1GEW GPON router, potentially allowing control over the device and its network functions. The vulnerability is critical with a CVSS 4.0 score of 9.4. There is no indication of known exploits in the wild beyond the observed exploitation evidence.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict access to the router’s web management interface to trusted administrators only and monitor for unauthorized access attempts. Avoid using affected firmware versions where possible.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- VulnCheck
- Date Reserved
- 2025-04-15T19:15:22.548Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 685d6fabca1063fb8742bc15
Added to database: 6/26/2025, 4:04:59 PM
Last enriched: 4/7/2026, 10:58:37 PM
Last updated: 5/10/2026, 8:25:18 AM
Views: 246
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.