| TVN ID | TVN-202509006 |
|---|---|
| CVE ID | CVE-2025-9971, CVE-2025-9972 |
| CVSS | CVE-2025-9971: 9.8 (Critical) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2025-9972: 9.8 (Critical) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Affected Products | ICG-2510WG-LTE (EU/US) version 1.0-20240918 and earlier ICG-2510W-LTE (EU/US) version 1.0_20240411 and earlier |
| Description | CVE-2025-9971(Missing Authentication): Unauthenticated remote attackers can manipulate the device via a specific functionality. CVE-2025-9972(OS Command Injection): Unauthenticated remote attackers can inject arbitrary OS commands and execute them on the device. |
| Solution | Update ICG-2510WG-LTE (EU/US) to version 1.0_20250811 or later Update ICG-2510W-LTE (EU/US) to version 1.0_20250811 or later |
| Credit | Yu-Chieh Kuo, Shi-Yi Xie, Li-Fan Cheng, Chih-Che Chang, An-Wei Kung (NICS) |
| Public Date | 2025-09-17 |
:::