CVE-2018-11553

Name of the Vulnerable Software and Affected Versions SGIN.CN xiangyun platform version 9.4.10

Description The issue is related to a security problem where an attacker can inject malicious code. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited. Technical details about exploitation include the API endpoint "/login.php" and the vulnerable parameter login url.

Recommendations For version 9.4.10, avoid using the login url parameter in the "/login.php" endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the "/login.php" endpoint to minimize the risk of exploitation.