cvedb.io
CVE-2025-43979
HIGH · CVSS 7.4
EPSS exploitation probability: 0%
Published 2025-08-05T16:15:29.100 · Last modified 2026-06-17T09:24:51.770

Summary

An issue was discovered on FIRSTNUM JC21A-04 devices through 2.01ME/FN that allows authenticated attackers to execute arbitrary OS system commands with root privileges via crafted payloads to the xml_action.cgi?method= endpoint.

Does this affect you?

Add your gear to cvedb and we'll alert you only when a vendor you run ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.