CVE-2025-3002

Name of the Vulnerable Software and Affected Versions Digital China DCME-520 up to 20250320

Description A critical issue has been found in the processing of the file /usr/local/WWW/function/audit/newstatistics/mon merge stat hist.php. The manipulation of the type name argument leads to os command injection. This issue can be exploited remotely.

Recommendations For Digital China DCME-520 up to 20250320, as a temporary workaround, consider restricting access to the file /usr/local/WWW/function/audit/newstatistics/mon merge stat hist.php to minimize the risk of exploitation. Avoid using the type name argument in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.