Remote Command Injection Vulnerability in WIFISKY 7-Layer Flow Control Router
CVE-2025-34044

9.4CRITICAL

Key Information:

Vendor

Shenzhen Lingkong Technology

Status
Wifisky 7-layer Flow Control Router
Vendor
CVE Published:
26 June 2025

What is CVE-2025-34044?

A remote command injection vulnerability is present in the confirm.php interface of the WIFISKY 7-layer Flow Control Router. This flaw arises from inadequate input validation, which permits unauthenticated attackers to send specially-crafted HTTP GET requests to execute arbitrary operating system commands. Users of the affected product should take immediate action to mitigate this security risk and protect against potential exploitation.

Affected Version(s)

WIFISKY 7-layer flow control router 0

References

http://www.szwifisky.com/
product
https://www.cnvd.org.cn/flaw/show/CNVD-2021-45363
third-party-advisory
https://s4e.io/tools/wifisky-7-layer-flow-control-router-...
third-party-advisory

CVSS V4

Score:
9.4
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-34044 : Remote Command Injection Vulnerability in WIFISKY 7-Layer Flow Control Router