Easywall v0.3.1 - Authentication Bypass via Command Injection in /ports-save Endpoint | Advisories

Advisories

Easywall v0.3.1 - Authentication Bypass via Command Injection in /ports-save Endpoint

severity: high
date: 12/4/2025
Affecting: Easywall v0.3.1
CVE: CVE-2024-58275
CVE type: CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVSS: 8.7
CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
References: ExploitDB-51856
Easywall Homepage
Easywall GitHub Repository
Credit: Melvin Mejia
Description: Easywall v0.3.1 allows authenticated remote command execution via a command injection vulnerability in the /ports-save endpoint that suffers from a parameter injection flaw. Attackers can inject shell metacharacters to execute arbitrary commands on the server.

Ready to get Started?

Explore VulnCheck, a next-generation Cyber Threat Intelligence platform, which provides exploit and vulnerability intelligence to help you prioritize and remediate vulnerabilities that matter.

Vulnerability Prioritization
Prioritize vulnerabilities that matter based on the threat landscape and defer vulnerabilities that don't.
Early Warning System
Real-time alerting of changes in the vulnerability landscape so that you can take action before the attacks start.

Schedule a Demo