CVE-2025-4106
Description
An authenticated admin user with access to both the management WebUI and command line interface on a Firebox can enable a diagnostic debug shell by uploading a platform and version-specific diagnostic package and executing a leftover diagnostic command. This issue affects Fireware OS: from 12.0 before 12.11.2.
Related Vulnerabilities
A vulnerability exists in serial device servers where active debug code remains enabled in the UART interface. An attacker with …
Hard-coded credentials for the CyberPower PowerPanel test server can be found in the production code. This might result in an …
Active Debug Code in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, …
A leftover debug code vulnerability exists in the Telnet Diagnostic Interface functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted series …
Multiple SHARP routers leave the hidden debug function enabled. An arbitrary OS command may be executed with the root privilege …
The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to authentication bypass due to hard-coded credentials in the administrative web …