CVE-2025-6102
📋 TL;DR
This critical vulnerability in Wifi-soft UniBox Controller allows remote attackers to execute arbitrary operating system commands via command injection in the logout.php file's mac_address parameter. Attackers can gain full control of affected systems without authentication. All users running vulnerable versions are at risk.
💻 Affected Systems
- Wifi-soft UniBox Controller
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise allowing attackers to install malware, steal data, pivot to other systems, or establish persistent backdoors.
Likely Case
Remote code execution leading to system takeover, data exfiltration, or deployment of ransomware/cryptominers.
If Mitigated
Limited impact if proper network segmentation, web application firewalls, and input validation are in place.
🎯 Exploit Status
Public exploit details are available, making this easily weaponizable by attackers with basic skills.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: None available
Restart Required: No
Instructions:
No official patch available. Vendor has not responded to disclosure. Consider workarounds or alternative solutions.
🔧 Temporary Workarounds
Web Application Firewall Rule
Block or sanitize requests containing shell metacharacters in the mac_address parameter (all platforms)
# Example ModSecurity rule:
SecRule ARGS:mac_address "[;|&`$()]" "deny,status:403,id:1001"
Network Access Control
Restrict access to the UniBox Controller management interface (Linux)
# Example iptables rules:
iptables -A INPUT -p tcp --dport [controller-port] -s [trusted-ips] -j ACCEPT
iptables -A INPUT -p tcp --dport [controller-port] -j DROP
🧯 If You Can't Patch
- Isolate the UniBox Controller on a dedicated VLAN with strict firewall rules
- Implement network-based intrusion detection to monitor for command injection attempts
🔍 How to Verify
Check if Vulnerable:
Check if running UniBox Controller version 20250506 or earlier. Test by sending a request to /authentication/logout.php with mac_address parameter containing shell metacharacters (monitor system response).
Check Version:
Check controller web interface or configuration files for version information
Verify Fix Applied:
After implementing the workarounds, test with the same exploit payloads. You should receive an error or a blocked response instead of command execution.
📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to /authentication/logout.php with shell metacharacters in parameters
- Unexpected system commands executed from web server process
Network Indicators:
- HTTP requests containing shell metacharacters like ;, |, &, `, $, (, ) in URL parameters
- Outbound connections from controller to unexpected destinations
SIEM Query:
source="web_server" AND (url="/authentication/logout.php" AND (param="*;*" OR param="*|*" OR param="*&*" OR param="*`*" OR param="*$(*"))
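The log indicator above can also be checked with an allowlist instead of a metacharacter list. The following is an added example, not code from the vendor or from this page: it flags any mac_address sent to /authentication/logout.php that is not a plain MAC address, which also catches percent-encoded characters and newlines that the metacharacter patterns above do not list. It assumes combined-format access logs where the parameter appears in the logged URL (POST bodies need a source that records them, such as a WAF audit log); the function names and sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a legitimate mac_address is six hex octets separated by ':' or '-'.
MAC_RE = re.compile(r"[0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5}")
# Request line inside a combined-format access log entry.
REQ_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
TARGET_PATH = "/authentication/logout.php"  # path named on this page


def suspicious_mac_values(log_line):
    """Return the mac_address values in one log line that are not plain MACs."""
    m = REQ_RE.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group("target"))
    if url.path != TARGET_PATH:
        return []
    # parse_qs percent-decodes, so encoded characters (%3B, %0A, ...) are seen decoded.
    values = parse_qs(url.query, keep_blank_values=True).get("mac_address", [])
    # fullmatch rejects anything before or after the MAC, including a trailing newline.
    return [v for v in values if not MAC_RE.fullmatch(v)]


def scan(lines):
    """Return (line_number, client_ip, bad_value) for every non-conforming value."""
    hits = []
    for n, line in enumerate(lines, 1):
        for value in suspicious_mac_values(line):
            hits.append((n, line.split(" ", 1)[0], value))
    return hits


# Constructed sample log lines (documentation IP ranges, placeholder suffixes).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2025:10:00:00 +0000] "GET /authentication/logout.php?mac_address=AA:BB:CC:DD:EE:FF HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2025:10:00:05 +0000] "GET /authentication/logout.php?mac_address=AA:BB:CC:DD:EE:FF%3Bx HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2025:10:00:09 +0000] "GET /authentication/logout.php?mac_address=00-11-22-33-44-55%0A HTTP/1.1" 200 512',
    '203.0.113.4 - - [01/Jan/2025:10:01:00 +0000] "GET /index.php?mac_address=x%7Cy HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for n, ip, value in scan(SAMPLE):
        print(f"line {n}: {ip} sent mac_address={value!r}")
```

The same pattern can serve as the positive check in a WAF or reverse proxy rule, rejecting any value that does not match rather than enumerating characters to block.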