A remote command injection vulnerability exists in the confirm.php interface of the WIFISKY 7-layer Flow Control Router via a specially-crafted HTTP GET request to the t parameter. Insufficient input validation allows unauthenticated attackers to execute arbitrary OS commands.
CVE ID: CVE-2025-34044
CVSS Base Severity: CRITICAL
CVSS Base Score: 9.4
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Vendor: Shenzhen Lingkong Technology
Product: WIFISKY 7-layer flow control router
EPSS Score: 0.12% (probability of being exploited)
EPSS Percentile: 31.91% (scored less or equal to compared to others)
EPSS Date: 2025-07-09 (when was this score calculated)