CVE-2025-13605
CriticalSummary
The 3onedata modbus gateway device model GW1101-1D(RS-485)-TB-P (hardware version V2.2.0) allows authenticated users to execute arbitrary shell commands in the context of the root user by providing payload in the 'IP address' field of the diagnosis test tools.
Risk Assessment
Exploitation of this vulnerability could lead to full system compromise, posing a serious security threat to the organization.
Recommendation
It is recommended to update the firmware to version 3.0.59B2024080600R4353 to mitigate this vulnerability.
Original NVD description (English source)
3onedata modbus gateway device model GW1101-1D(RS-485)-TB-P (hardware version V2.2.0) allows authenticated users to execute arbitrary shell commands in the context of the root user by providing payload in the "IP address" field of the diagnosis test tools. This issue has been resolved in firmware version 3.0.59B2024080600R4353

