From this webpage screenshot, the following key vulnerability information can be obtained: Vulnerability ID: MNDDT-2025-0001 Description: EnerSys AMPA 22.09 and earlier versions contain a command injection vulnerability that could lead to privileged remote shell access. Impact: High risk. This vulnerability allows remote shell access via the web interface, enabling attackers to execute unauthorized code on the device. Exploitability: High. Any unauthenticated network user can exploit this vulnerability to gain remote shell access. CVE ID: CVE-2024-11861 Common Weakness Enumeration: CWE-77: Improper Neutralization of Special Elements Used in a Command ("Command Injection") Details: This is a retrospective CVE ID assigned in 2024, but the vulnerability was discovered and fixed in 2022. Products currently using the EnerSys library include Alpha XM3.1 Broadband UPS and Alpha Gateway firmware. The following versions are not affected by this vulnerability: - Alpha XM3.1 Broadband UPS 1.06.00 and higher - Alpha Gateway Firmware 2.02.00 and higher Remediation: The issue was fixed in AMPA version 22.10. Discoverer: Discovered by EnerSys in 2022. Disclosure Timeline: - Calendar year 2022 – Discovered and fixed in AMPA version 22.10 - April 23, 2025 – Disclosed by EnerSys via CVE-2024-11861 References: - https://www.energys.com/ - https://www.energys.com/en/products/cable-broadband-solutions/broadband-ups/xm3.1-hp-broadband-ups/ - https://www.energys.com/4996bf/globalassets/documents/corporate/cve/energys%5fcve-2024-11861-final.pdf