CVE-2026-48695: n/a
FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the MikroTik router integration plugin. The _log() function in src/mikrotik_plugin/fastnetmon_mikrotik.php (lines 107-108) constructs shell commands by concatenating the $msg parameter directly into exec() calls: exec("echo `date` \"- {FASTNETMON] - " . $msg . " \" >> " . $FILE_LOG_TMP). This is identical in pattern to the Juniper plugin vulnerability. The $msg variable contains unsanitized attack data from command-line arguments. An attacker who can influence argv[] values can inject arbitrary shell commands. The fix is to replace exec() with file_put_contents() or use escapeshellarg().
AI Analysis
Technical Summary
The FastNetMon Community Edition (up to 1.2.9) MikroTik plugin's _log() function constructs shell commands by concatenating the $msg parameter directly into exec() calls without sanitization. This allows an attacker who can influence command-line arguments to inject arbitrary OS commands, leading to command injection. The vulnerability is due to improper input handling in the PHP code, specifically in src/mikrotik_plugin/fastnetmon_mikrotik.php around lines 107-108. The recommended fix is to replace exec() usage with safer alternatives like file_put_contents() or to sanitize inputs using escapeshellarg().
Potential Impact
Successful exploitation allows an attacker with the ability to influence command-line arguments to execute arbitrary shell commands on the host running FastNetMon, potentially leading to system compromise or unauthorized actions. There are no reports of active exploitation in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should avoid running FastNetMon versions up to 1.2.9 with the MikroTik plugin enabled in environments where untrusted users can influence command-line arguments. Monitoring vendor channels for updates is recommended. The vendor suggests replacing exec() calls with safer functions like file_put_contents() or sanitizing inputs with escapeshellarg(), but no official patch is currently documented.
CVE-2026-48695: n/a
Description
FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the MikroTik router integration plugin. The _log() function in src/mikrotik_plugin/fastnetmon_mikrotik.php (lines 107-108) constructs shell commands by concatenating the $msg parameter directly into exec() calls: exec("echo `date` \"- {FASTNETMON] - " . $msg . " \" >> " . $FILE_LOG_TMP). This is identical in pattern to the Juniper plugin vulnerability. The $msg variable contains unsanitized attack data from command-line arguments. An attacker who can influence argv[] values can inject arbitrary shell commands. The fix is to replace exec() with file_put_contents() or use escapeshellarg().
CVSS v3.1
Score 8.1high
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The FastNetMon Community Edition (up to 1.2.9) MikroTik plugin's _log() function constructs shell commands by concatenating the $msg parameter directly into exec() calls without sanitization. This allows an attacker who can influence command-line arguments to inject arbitrary OS commands, leading to command injection. The vulnerability is due to improper input handling in the PHP code, specifically in src/mikrotik_plugin/fastnetmon_mikrotik.php around lines 107-108. The recommended fix is to replace exec() usage with safer alternatives like file_put_contents() or to sanitize inputs using escapeshellarg().
Potential Impact
Successful exploitation allows an attacker with the ability to influence command-line arguments to execute arbitrary shell commands on the host running FastNetMon, potentially leading to system compromise or unauthorized actions. There are no reports of active exploitation in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should avoid running FastNetMon versions up to 1.2.9 with the MikroTik plugin enabled in environments where untrusted users can influence command-line arguments. Monitoring vendor channels for updates is recommended. The vendor suggests replacing exec() calls with safer functions like file_put_contents() or sanitizing inputs with escapeshellarg(), but no official patch is currently documented.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- mitre
- Date Reserved
- 2026-05-22T00:00:00.000Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a15e03a891d628fdc67d93e
Added to database: 5/26/2026, 6:02:34 PM
Last enriched: 5/26/2026, 6:18:59 PM
Last updated: 5/26/2026, 9:49:07 PM
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.