CVE-2025-71284: Critical RCE in Synway SMG Gateway Management Software

The National Vulnerability Database has detailed CVE-2025-71284, a critical OS command injection vulnerability in Synway SMG Gateway Management Software. The vulnerable component is the RADIUS configuration endpoint at /en/9-2radius.php: the radius_address POST parameter and several others (radius_address2, shared_secret2, source_ip, timeout, and retry) are interpolated directly into a sed command without proper sanitization.

This flaw allows an unauthenticated remote attacker to inject arbitrary shell commands by sending a crafted POST request. The result is remote code execution (RCE), and the vulnerability carries a CVSS score of 9.8. The Shadowserver Foundation first observed exploitation evidence for this vulnerability on July 11, 2025.

Defenders must recognize the gravity of unauthenticated RCE. This isn’t theoretical; it’s a direct path for attackers to gain full control over affected gateways. Because the National Vulnerability Database does not specify affected products, organizations using Synway SMG Gateway Management Software must assume they are at risk unless proven otherwise.

What This Means For You

  • If your organization uses Synway SMG Gateway Management Software, immediately identify all instances. CVE-2025-71284 is an unauthenticated RCE, meaning attackers can gain full control without credentials. Isolate these devices from public networks if possible and apply any available patches or vendor mitigations. Audit logs for suspicious activity, particularly around RADIUS configuration endpoints.
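One way to run the log audit recommended above, as an added example (not code from NVD, Synway or this site). It assumes you hold captured request records with method, path and URL-encoded POST body, for instance from a reverse proxy or WAF; the per-parameter value shapes and the sample records are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import parse_qs

ENDPOINT = "/en/9-2radius.php"  # endpoint named in the advisory
# Parameters the advisory lists as reaching the sed command.
PARAMS = ("radius_address", "radius_address2", "shared_secret2",
          "source_ip", "timeout", "retry")

# Assumed value shapes (not vendor specifications).
HOSTNAME = re.compile(r"[A-Za-z0-9]([A-Za-z0-9.-]{0,251}[A-Za-z0-9])?")
SMALL_INT = re.compile(r"[0-9]{1,5}")
SECRET = re.compile(r"[A-Za-z0-9_.:@%+=,-]{1,128}")

def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def _fits(name, value):
    """True when a value has the shape a legitimate setting would have."""
    if value == "":
        return True
    if name in ("timeout", "retry"):
        return bool(SMALL_INT.fullmatch(value))
    if name == "source_ip":
        return _is_ip(value)
    if name.startswith("radius_address"):
        return _is_ip(value) or bool(HOSTNAME.fullmatch(value))
    return bool(SECRET.fullmatch(value))  # shared_secret2

def suspicious_params(method, path, body):
    """Return listed parameters whose decoded values do not fit their shape."""
    if method.upper() != "POST" or path.split("?", 1)[0] != ENDPOINT:
        return []
    form = parse_qs(body, keep_blank_values=True)
    return sorted({name for name in PARAMS
                   for value in form.get(name, []) if not _fits(name, value)})

# Constructed sample records: (method, path, URL-encoded POST body).
SAMPLE = [
    ("POST", ENDPOINT, "save=1&enable_radius=1&radius_address=10.0.0.5&timeout=3&retry=2"),
    ("POST", ENDPOINT, "save=1&enable_radius=1&radius_address=10.0.0.5%3BPLACEHOLDER&retry=2%7CPLACEHOLDER"),
    ("GET", ENDPOINT, ""),
]

if __name__ == "__main__":
    for record in SAMPLE:
        print(record[0], record[1], suspicious_params(*record))
```

An empty result does not clear a request: because the endpoint requires no authentication, any POST to it from an unexpected source still deserves review.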

Indicators of Compromise

| ID | Type | Indicator |
|---|---|---|
| CVE-2025-71284 | OS Command Injection | Synway SMG Gateway Management Software |
| CVE-2025-71284 | RCE | Vulnerable endpoint: /en/9-2radius.php |
| CVE-2025-71284 | OS Command Injection | Vulnerable parameters: radius_address, radius_address2, shared_secret2, source_ip, timeout, retry |
| CVE-2025-71284 | OS Command Injection | Attack vector: POST request to /en/9-2radius.php with save=1 and enable_radius=1 |
Source & Attribution
Source Platform: NVD
Channel: National Vulnerability Database
Published: April 30, 2026 at 20:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
