PT-2025-6919 · Synway · Synway Smg Gateway Management
Steven_Dra3W
·
Published
2025-02-19
·
Updated
2025-02-24
·
CVE-2025-1448
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Synway SMG Gateway Management Software up to 20250204
Description
A critical issue affects the processing of the file 9-12ping.php in Synway SMG Gateway Management Software. The manipulation of the
retry argument leads to command injection. This issue can be exploited remotely.Recommendations
For Synway SMG Gateway Management Software up to 20250204, as a temporary workaround, consider disabling the
9-12ping.php file until a patch is available. Restrict access to the retry argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
Special Elements Injection
Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Synway Smg Gateway Management