OS Command Injection in OptiLink ONT1GEW GPON Router Firmware
CVE-2025-34049

9.4CRITICAL

Key Information:

Vendor

Optilink

Status
Ont1gew Gpon
Vendor
CVE Published:
26 June 2025

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2025-34049?

An OS command injection vulnerability has been identified in the web management interface of the OptiLink ONT1GEW GPON router. The firmware versions V2.1.11_X101 Build 1127.190306 and earlier are susceptible due to inadequate sanitization of user input in the target_addr parameter within the formTracert and formPing administrative endpoints. This flaw allows authenticated attackers to inject arbitrary OS commands, executing them with root privileges, which can lead to the full compromise of the device and unauthorized access to the network.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

ONT1GEW GPON 0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-34049 - Proof of Concept

CVE-2025-34049 - Proof of Concept

References

https://www.exploit-db.com/exploits/49955
exploit
https://optilinknetwork.com/
product
https://vulncheck.com/advisories/optilink-ont1gew-router-rce
third-party-advisory

CVSS V4

Score:
9.4
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

SecNigma
Amal
JSON
.