Hello and welcome to the Thursday, October 23rd, 2025 edition of the Sands Internet Storm Center's Stormcast.

My name is Johannes Ulrich, recording today from Jacksonville, Florida.

And this episode is brought you by the sands.edu graduate certificate program in

industrial control systems security. Our honeypots get caught a newish exploit and this one targets

URL webcontrol.cg.i that's typically associated with the Blue Angel software suite.

This is embedded software. It's often found in customer premise equipment, like routers,

voice over IP equipment and such. That often uses this software made by 5V technologies.

So it's not really sort of a household name or you may not necessarily know that your particular device runs on this software. The problem here is a basic

OS command injection vulnerability that's very typical for this kind of equipment. A lot of times they do have a debug feature that allows you to ping hosts from the device.

You of course need to provide an IP address or a host name that's then passed on the command line as part of the ping command.

Well, if you're not careful and that apparently is what happened here,

there is the possibility of injecting

additional operating system commands.

So very classic vulnerability.

I had a little bit of hard time assigning it

an exact CBE,

and I'm actually not sure if I got the right one here.

Last or this July, there was a new CVE found in this particular software suite, CVE 2025-34-033.

Very similar to the description to what we are seeing here.

However, the description of the CVE suggests a get request and also uses a

slightly different parameter name for the actual vulnerable parameter. But overall looks sort of like

the same vulnerability, possibly also in some other equipment. All these types of equipment are very similar to each other,

...