PT-2026-21556 · Shuoren · Smart Heating Integrated Management Platform

Zsmaaa

Publicado

2026-02-23

Atualizado

2026-03-03

CVE-2026-3025

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions ShuoRen Smart Heating Integrated Management Platform version 1.0.0

Description A flaw exists in ShuoRen Smart Heating Integrated Management Platform version 1.0.0, related to an unknown functionality within the file /MP/Service/Webservice/ExampleNodeService.asmx. Manipulation of the File argument can lead to unrestricted file upload, allowing for remote exploitation. The exploit has been published. The vendor was contacted but did not respond.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Unrestricted File Upload

Improper Access Control

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-434CWE-284

Identificadores relacionados

CVE-2026-3025

Produtos afetados

Smart Heating Integrated Management Platform

PT-2026-21556 · Shuoren · Smart Heating Integrated Management Platform

CVE-2026-3025

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10