PT-2026-28673 · Shenzhen Ruiming Technology · Streamax Crocus

0Menc

+1

·

Publicado

2026-03-27

·

Atualizado

2026-03-27

·

CVE-2026-4910

CVSS v2.0

7.5

Alta

VetorAV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions Shenzhen Ruiming Technology Streamax Crocus versions up to 1.3.44
Description A security issue exists in Shenzhen Ruiming Technology Streamax Crocus. The issue involves a SQL injection affecting an unknown function within the /RemoteFormat.do file of the Endpoint component. Manipulation of the State argument can lead to SQL injection, and the attack can be launched remotely. The exploit has been publicly disclosed.
Recommendations Versions prior to 1.3.44 should be updated.

Exploit

Correção

RCE

Special Elements Injection

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-74CWE-89

Identificadores relacionados

CVE-2026-4910

Produtos afetados

Streamax Crocus