CVE-2025-11912 | Shenzhen Ruiming Technology Streamax Crocus 1.3.40 DeviceState.do?Action=Query orderField sql injection

Inserito da Angelo Barbosa | Ott 17, 2025 | CVE

A vulnerability was found in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. It has been classified as critical. Affected is the function Query of the file /DeviceState.do?Action=Query. This manipulation of the argument orderField causes sql injection.

This vulnerability is handled as CVE-2025-11912. The attack can be initiated remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-11912 | Shenzhen Ruiming Technology Streamax Crocus 1.3.40 DeviceState.do?Action=Query orderField sql injection

Post correlati

CVE-2024-2413 | Intumit SmartRobot up to 6.1.2-202212tw hard-coded key

CVE-2024-13305 | Drupal Entity Form Steps up to 1.1.3 cross site scripting

CVE-2023-29117 | Enel X JuiceBox Pro 3.0 22kW Cellular up to 2.1.1.0_JB3VU096A improper authentication

CVE-2024-6892 | Journyx jtime 11.5.4 Link cross site scripting