AttackFeed by Joe Wagner | AK-Nord USB-Server-LXL privilege escalation and code execution (CVE-2025-52361)  - Full Disclosure

AK-Nord USB-Server-LXL privilege escalation and code execution (CVE-2025-52361)  – Full Disclosure

Posted on By Joe-W
Alert Feeds

 

Posted by Marcus Krueppel on Jul 29

================== Overview ==================
TL;DR: Using the low-privilege “admin” user account via SSH on the IoT device “USB-Server-LXL” [1], it is possible to
modify the script /etc/init.d/lighttpd which is executed by root upon restart, leading to arbitrary code execution with
root privileges.

CVE: CVE-2025-52361
Suggested CVSS vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Suggested CVSS…
 – Read More  – Full Disclosure 

You may also like

Alert Feeds
CHMLIB 0.40a Integer Overflow in LZX Decompression of CHMLib  – Full Disclosure
September 16, 2025
Alert Feeds
[REVIVE-SA-2025-002] Revive Adserver Vulnerability  – Full Disclosure
October 26, 2025
Alert Feeds
Google Firebase hosting suspension / “malware distribution” bypass  – Full Disclosure
October 21, 2025
Alert Feeds
liblcf v0.8.1 liblcf/lcf2xml: Untrusted LCF data triggers uncaught std::length_error via negative vector resize (DoS)  – Full Disclosure
August 18, 2025
AttackFeed by Joe Wagner
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.