Critical Vulnerability Information ID VAR:202107-1715 CVE CVE-2025-34044 Title WIFI SKY 7-layer flow control router has command execution vulnerabilities Description A remote command injection vulnerability exists in the confirm.php interface of the WIFI SKY 7-layer Flow Control Router. By crafting a specific HTTP GET request, an attacker can exploit the 't' parameter to execute arbitrary OS commands. Due to insufficient input validation, unauthorized attackers can exploit this vulnerability to take control of the server. Affected Products Vendor: airspace Model: wifi sky 7 layer flow control router CVSS Score CVSSv2 - Severity: CRITICAL - Base Score: 10.0 CVSSv3 - Severity: HIGH - Base Score: 7.1 Problem Type Data CWE-20 CWE-78 External IDs CNVD: CNVD-2021-45363 NVD: CVE-2025-34044 References https://www.variotdbp.eu/vuln/var-202107-1715/ https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/other/wifisky?.rce.yaml https://www.cnvd.org.cn/flaw/show/CNVD-2021-45363 https://s4e.io/tools/wifisky-7-layer-flow-control-router-remote-code-execution http://www.szwifiisky.com/ https://vulncheck.com/advisories/wifisky-flow-control-router.rce Last Updated 2025-06-28T23:42:47.235200+00:00