SA-2025-022 - HiveOS Client SSID Newline Injection... - Extreme Networks - 118778

Summary

An issue was discovered in Extreme Networks IQ Engine (HiveOS) before 10.7r5. With access granted to an authenticated user, arbitrary command execution is possible through exploitation of the Client-SSID setting command. This may allow unsanitized commands through newline injection.

Products Potentially Affected

OS/Product	Exposure
IQ Engine (HiveOS)	Yes

Repair Recommendations

Fixed in 10.7r5 or later.

Please see the full Security Advisory article here for more details and future updates.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Popular Articles

SA-2023-047 - Framing Frames: Bypassing Wi-Fi Encryption by Manipulating Transmit Queues (Leaking fr

SA-2023-107 - libcurl cookie injection with none file (CVE-2023-38546)

SA-2023-106 - SOCKS5 heap buffer overflow (CVE-2023-38545)

GTM-P2G8KFN