PT-2026-28681 · Shenzhen Ruiming Technology · Streamax Crocus

0Menc

Publicado

2026-03-27

Atualizado

2026-03-27

CVE-2026-4955

CVSS v3.1

7.3

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

A vulnerability was found in Shenzhen Ruiming Technology Streamax Crocus 1.3.44. This impacts an unknown function of the file /OperateStatistic.do. The manipulation of the argument VehicleID results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Exploit

Correção

Special Elements Injection

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-74CWE-89

Identificadores relacionados

CVE-2026-4955

Produtos afetados

Streamax Crocus

PT-2026-28681 · Shenzhen Ruiming Technology · Streamax Crocus

CVE-2026-4955

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6