CVE-2025-11779

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions CircutorSGE-PLC1000/SGE-PLC50 version 9.0.2

Description A stack-based buffer overflow exists in the SetLan function of the software. This function is triggered when a new configuration is applied via a management web request to the 'index.cgi' web application. Insufficient input sanitization of parameters allows for potential command injection.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the 'index.cgi' web application to minimize the risk of exploitation.

Fix

Stack Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-121

Related Identifiers

CVE-2025-11779

Affected Products

Circutorsge-Plc1000/Sge-Plc50

CVE-2025-11779

Weakness Enumeration

Related Identifiers

Affected Products

References · 7