CVE-2025-43989 | Shenzhen Tuoshi NR500-EA 3.4.2731.16.43 /goform/formJsonAjaxReq set_timesetting ntpserver0 os command injection

A vulnerability was found in Shenzhen Tuoshi NR500-EA 3.4.2731.16.43. It has been classified as critical. This affects the function set_timesetting of the file /goform/formJsonAjaxReq. The manipulation of the argument ntpserver0 leads to os command injection.

This vulnerability is uniquely identified as CVE-2025-43989. It is possible to initiate the attack remotely. There is no exploit available.VulDB Recent EntriesRead More