Raisecomm RAX701-GC Series

Act Now9.8ICS-CERT ICSA-25-294-06Oct 21, 2025

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

A critical authentication bypass vulnerability in Raisecomm RAX701-GC router series (CWE-288) allows a remote attacker to gain unauthenticated root shell access to affected devices. The vulnerability affects RAX701-GC-WP-01 models with firmware versions 5.5.13_20180720, 5.5.36_20190709, and 5.5.27_20190111. RaiseComm has not committed to developing a firmware patch. Successful exploitation grants an attacker complete control over the device, enabling them to intercept traffic, modify network configurations, or disrupt critical ICS communications.

What this means

What could happen

An unauthenticated attacker with network access could gain root-level shell access to RAX701-GC router devices, allowing them to modify network traffic, intercept data, or disrupt connectivity to critical control systems in water or electric utilities.

Who's at risk

Water authorities and municipal electric utilities that rely on Raisecomm RAX701-GC routers for SCADA network connectivity or remote site management are affected. These devices are commonly deployed at water treatment plants, pump stations, substations, and other unmanned remote facilities to provide secure network connectivity for PLCs, RTUs, and SCADA systems.

How it could be exploited

An attacker on the network sends a specially crafted request to the device that bypasses the authentication mechanism (CWE-288 authentication weakness). Because no credentials are required and the device accepts the request remotely, the attacker receives an unauthenticated root shell prompt and can execute arbitrary commands.

Prerequisites

Network access to the RAX701-GC device (typically port 22 SSH or device management interface)
No authentication credentials required

Remotely exploitableNo authentication requiredLow complexityNo patch availableAuthentication bypass vulnerabilityCritical severity (CVSS 9.8)

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (2)

2 EOL

ProductAffected VersionsFix Status

RAX701-GC-WP-01 P200R002C52: Firmware__5.5.27_20190111Firmware 5.5.27 20190111No fix (EOL)

RAX701-GC-WP-01 P200R002C53: 5.5.13_20180720|5.5.36_201907095.5.13 20180720|5.5.36 20190709No fix (EOL)

Remediation & Mitigation

0/4

Do now

0/2

HARDENINGIsolate RAX701-GC devices from internet-facing networks and restrict access to authorized management workstations only using firewall rules

WORKAROUNDIf remote access to the device is required, implement a VPN with the most current security patches and restrict VPN access to authorized personnel only

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HARDENINGMonitor network traffic for suspicious connections to RAX701-GC device management ports and implement intrusion detection rules for authentication bypass attempts

Long-term hardening

0/1

HOTFIXContact RaiseComm customer support to inquire about future firmware updates or extended support options, as no patch is currently available

CVEs (1)

CVE-2025-11534

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/63af18b3-4caa-4a0d-8211-60189a7496e0