CVE Alert: CVE-2025-11045 – WAYOS – LQ_04
CVE-2025-11045
A vulnerability was identified in WAYOS LQ_04, LQ_05, LQ_06, LQ_07 and LQ_09 22.03.17. This affects an unknown function of the file /usb_paswd.asp. The manipulation of the argument Name leads to command injection. The attack can be initiated remotely. The exploit is publicly available and might be used.
AI Summary Analysis
Risk verdict
High risk with publicly available exploit; treat as priority 1.
Why this matters
Remote command injection on WayOS LQ devices enables execution of arbitrary commands without user interaction, potentially enabling full device takeover or network footholds. The impact can include disruption of device operation, data exposure, and lateral movement into adjacent assets if the device can reach internal networks.
Most likely attack path
Attackers can exploit a remote, unauthenticated web interface (AV:N, PR:N, UI:N) by sending crafted input to the Name parameter of usb_paswd.asp, triggering command execution. The CVSS indicates low confidentiality/integrity/availability impact per some vectors, but the combination of remote access and no user interaction makes it a practical initial breach. Without proper segmentation, an exposed device could be used to reach other systems; scope remains U, so exploitation stays within the device unless further access is gained.
Who is most exposed
Devices in LAN-edge deployments or SMB networks with publicly reachable admin interfaces are most at risk; any environment where the WayOS web UI is accessible from the network (or Internet) increases exposure.
Detection ideas
- Anomalous requests to /usb_paswd.asp with crafted Name values
- Unexpected command executions or new processes on affected devices
- Unusual outbound connections or beaconing from the device
- Access attempts to the admin UI from unfamiliar IPs or geographies
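The first detection idea above can be turned into a log check. The following is an added example, not code from the advisory or the vendor: it flags requests to /usb_paswd.asp whose Name value decodes to shell metacharacters. It assumes access logs in Common Log Format from a proxy in front of the device and that Name travels in the query string; the log lines are constructed samples, and a POST body would need proxy or IDS body logging instead.

```python
import re
from urllib.parse import unquote_plus

# Assumption: Common/Combined Log Format, e.g. from a reverse proxy.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" \d{3}'
)
# The advisory's argument "Name", matched case-insensitively in the raw query.
NAME_RE = re.compile(r'(?:^|&)name=([^&]*)', re.IGNORECASE)
# Shell metacharacters that have no place in a plain name field.
SHELL_META = re.compile(r'[;&|`$<>(){}\\\n\r]')
TARGET_PATH = "/usb_paswd.asp"  # file named in the advisory


def suspicious_requests(lines):
    """Return (client_ip, decoded_name_value) for every flagged log line."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line we understand
        path, _, query = m.group("target").partition("?")
        if path.lower() != TARGET_PATH:
            continue
        for raw in NAME_RE.findall(query):
            # Decode first so %3B, %60 and similar encodings are inspected too.
            value = unquote_plus(raw)
            if SHELL_META.search(value):
                hits.append((m.group("ip"), value))
    return hits


# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Oct/2025:10:00:01 +0000] "GET /usb_paswd.asp?Name=backup HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Oct/2025:10:00:05 +0000] "GET /usb_paswd.asp?Name=disk1%3Bid HTTP/1.1" 200 498',
    '203.0.113.9 - - [01/Oct/2025:10:00:09 +0000] "GET /usb_paswd.asp?x=1&name=a%60uname%60 HTTP/1.1" 200 498',
    '198.51.100.7 - - [01/Oct/2025:10:00:12 +0000] "GET /index.asp?Name=a%3Bb HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for ip, value in suspicious_requests(SAMPLE_LOG):
        print(f"ALERT {ip} sent Name={value!r} to {TARGET_PATH}")
```

The same character class can back a WAF or IPS rule scoped to this path while patching is pending.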
Mitigation and prioritisation
- Apply vendor patch or update to fixed firmware; treat as priority 1 if KEV/EPSS indicators confirm active exploitation
- If patching is delayed, restrict admin UI exposure (VPN-only access, IP allowlists) and segment the device from critical assets
- Implement input validation/sanitisation for the Name parameter; deploy WAF/IPS rules to block injection patterns
- Strengthen logging and alerting around usb_paswd.asp activity; enable detailed forensic captures
- Schedule patching through change-management; test in staging and verify post-mitigation integrity