PT-2025-9681 · Unknown · Broadlinkmanager

Baran Teyin

Publicado

2025-03-04

Atualizado

2025-03-05

CVE-2025-26320

CVSS v3.1

6.5

Média

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions BroadlinkManager version 5.9.1

Description The issue is related to an OS command injection vulnerability. This vulnerability can be exploited via the IP Address parameter at the "/device/ping" API endpoint.

Recommendations For BroadlinkManager version 5.9.1, avoid using the IP Address parameter in the "/device/ping" API endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the "/device/ping" endpoint to minimize the risk of exploitation.

Exploit

Correção

OS Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-78

Identificadores relacionados

CVE-2025-26320

Produtos afetados

Broadlinkmanager

PT-2025-9681 · Unknown · Broadlinkmanager

CVE-2025-26320

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7