CVE Catalog
CVE-2025-29269
CriticalCVSS 9.8Exploitation Probability (EPSS)
High risk1.90%
77th percentile - higher than 77% of all known CVEs
Summary
An OS command injection vulnerability was discovered in ALLNET ALL-RUT22GW version 3.3.8 via the 'command' parameter in the popen.cgi endpoint. An attacker can remotely execute arbitrary system commands.
Risk Assessment
The risk for the organization includes full device compromise, potentially leading to breach of network confidentiality, integrity, and availability.
Recommendation
Immediately update the firmware to the latest version and restrict access to the management interface to trusted IP addresses only.
Original NVD description (English source)
ALLNET ALL-RUT22GW v3.3.8 was discovered to contain an OS command injection vulnerability via the command parameter in the popen.cgi endpoint.

