{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T03:42:23.800","vulnerabilities":[{"cve":{"id":"CVE-2025-3499","sourceIdentifier":"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158","published":"2025-07-09T09:15:27.297","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The device has two web servers that expose unauthenticated REST APIs on the management network (TCP\nports 8084 and 8086). Exploiting OS command injection through these APIs, an attacker can send arbitrary\ncommands that are executed with administrative permissions by the underlying operating system."},{"lang":"es","value":"El dispositivo cuenta con dos servidores web que exponen API REST no autenticadas en la red de administración (puertos TCP 8084 y 8086). Al aprovechar la inyección de comandos del sistema operativo a través de estas API, un atacante puede enviar comandos arbitrarios que el sistema operativo subyacente ejecuta con permisos administrativos."}],"metrics":{"cvssMetricV31":[{"source":"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}]},"weaknesses":[{"source":"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://www.cvcn.gov.it/cvcn/cve/CVE-2025-3499","source":"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158"}]}}]}