CVE-2025-50753: n/a
Mitrastar GPT-2741GNAC-N2 devices are provided with access through SSH into a restricted default shell. The command "deviceinfo show file" is supposed to be used from the restricted shell to show files and directories. Providing " /bin/sh" (quotes included) as the argument to this command drops a root shell.
AI Analysis
Technical Summary
CVE-2025-50753 is a critical vulnerability affecting Mitrastar GPT-2741GNAC-N2 devices. These devices provide SSH access to users through a restricted default shell environment intended to limit command execution capabilities. The vulnerability arises from improper input validation in the restricted shell's command "deviceinfo show file", which is designed to display files and directories. By passing the argument " /bin/sh" (including the quotes) to this command, an attacker can escape the restricted shell environment and gain access to a root shell. This effectively grants full administrative privileges on the device without requiring authentication or user interaction. The vulnerability is classified under CWE-250 (Execution with Unnecessary Privileges), indicating that the restricted shell fails to properly enforce privilege boundaries. The CVSS v3.1 base score is 8.4 (high severity), with an attack vector of local (AV:L), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), and high impact on confidentiality, integrity, and availability (C:H/I:H/A:H). Although no known exploits are reported in the wild yet, the ease of exploitation and the severity of impact make this a significant threat. The vulnerability allows an attacker with local access to the device (e.g., via SSH) to escalate privileges to root, potentially compromising the entire device and any network it connects to. No patches or mitigations have been published at the time of disclosure, increasing the urgency for affected organizations to implement protective measures.
Potential Impact
For European organizations, this vulnerability poses a substantial risk, especially for those using Mitrastar GPT-2741GNAC-N2 devices in their network infrastructure, such as ISPs, telecommunications providers, and enterprises relying on these devices for connectivity or network management. The ability to gain root access without authentication can lead to full device compromise, enabling attackers to intercept, modify, or disrupt network traffic, deploy malware, or pivot to other internal systems. This can result in severe confidentiality breaches, data integrity violations, and service outages. Given the high impact on availability, critical services relying on these devices could experience downtime, affecting business continuity. Additionally, compromised devices could be leveraged in botnets or for launching further attacks, increasing the threat landscape. The lack of patches means organizations must rely on compensating controls to mitigate risk. The vulnerability's local attack vector implies that attackers need network access to the device, which may be possible through compromised internal hosts or exposed management interfaces. Therefore, organizations with less segmented or poorly secured internal networks are at higher risk.
Mitigation Recommendations
1. Immediately restrict SSH access to Mitrastar GPT-2741GNAC-N2 devices to trusted administrators only, using network access controls such as firewall rules and VPNs.
2. Implement strict network segmentation to isolate these devices from general user networks and limit exposure.
3. Monitor SSH access logs and device command usage for suspicious activity, particularly attempts to invoke "deviceinfo show file" with unusual arguments.
4. Disable or restrict the use of the "deviceinfo show file" command if possible, or replace the restricted shell with a more secure alternative that properly enforces privilege boundaries.
5. Employ intrusion detection/prevention systems (IDS/IPS) to detect anomalous behavior related to shell escapes or privilege escalation attempts.
6. Engage with Mitrastar or device vendors to obtain firmware updates or patches as soon as they become available and apply them promptly.
7. Conduct regular security audits and penetration tests focusing on device management interfaces to identify and remediate similar vulnerabilities.
8. Educate network administrators about the risks of this vulnerability and enforce strong authentication and authorization policies for device access.
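Recommendation 3 as detection logic, in an added example that is not part of the original advisory or of Mitrastar's software: a Python filter that flags "deviceinfo show file" invocations whose argument is quoted, whitespace-padded, names a shell interpreter, or carries shell metacharacters. The `user=... cmd=...` audit-line format and the sample log lines are constructed assumptions; adapt the regex to whatever command logging the device or an SSH jump host actually records.

```python
import re
import shlex

# Assumption: the audit source records the restricted-shell command after "cmd=".
ARG_RE = re.compile(r'cmd=\s*deviceinfo\s+show\s+file\b(?P<arg>.*)$')
# Interpreter basenames that a file-viewing command has no reason to target.
SHELLS = {"sh", "bash", "ash", "dash", "busybox"}
META = set(";|&`$<>")

def classify(line):
    """Return sorted reasons a log line is suspicious; [] if benign or unrelated."""
    m = ARG_RE.search(line)
    if not m:
        return []
    raw_arg = m.group("arg").strip()
    reasons = set()
    if '"' in raw_arg or "'" in raw_arg:
        reasons.add("quoted-argument")
    try:
        tokens = shlex.split(raw_arg)       # resolve quoting the way a shell would
    except ValueError:                      # e.g. an unterminated quote
        tokens = [raw_arg]
        reasons.add("unbalanced-quotes")
    for tok in tokens:
        if tok != tok.strip():              # whitespace kept inside the quotes
            reasons.add("padded-argument")
        if tok.strip().rsplit("/", 1)[-1] in SHELLS:
            reasons.add("shell-interpreter-path")
        if META & set(tok):
            reasons.add("shell-metacharacter")
    return sorted(reasons)

def scan(lines):
    """Return (line, reasons) pairs for every suspicious line."""
    return [(ln, r) for ln in lines if (r := classify(ln))]

# Constructed sample input (hypothetical hostnames, users and log format).
SAMPLE_LOG = [
    'Aug 26 13:40:01 cpe sshd[812]: Accepted password for admin from 192.0.2.10',
    'Aug 26 13:40:09 cpe cli[815]: user=admin cmd=deviceinfo show file /var/log',
    'Aug 26 13:40:15 cpe cli[815]: user=admin cmd=deviceinfo show file " /bin/sh"',
]

if __name__ == "__main__":
    for line, reasons in scan(SAMPLE_LOG):
        print(",".join(reasons), "<-", line)
```
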
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-06-16T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 68adbb04ad5a09ad00589354
Added to database: 8/26/2025, 1:47:48 PM
Last enriched: 9/3/2025, 1:06:54 AM
Last updated: 10/10/2025, 11:24:08 PM