CVE-2026-4956 | Shenzhen Ruiming Technology Streamax Crocus 1.3.44 Parameter DevicePrint.do?Action=ReadTask State sql injection

A vulnerability labeled as critical has been found in Shenzhen Ruiming Technology Streamax Crocus 1.3.44. The affected element is an unknown function of the file /DevicePrint.do?Action=ReadTask of the component Parameter Handler. The manipulation of the argument State results in sql injection.

This vulnerability is reported as CVE-2026-4956. The attack can be launched remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4956 | Shenzhen Ruiming Technology Streamax Crocus 1.3.44 Parameter DevicePrint.do?Action=ReadTask State sql injection

Post correlati

CVE-2024-32282 | Tenda FH1202 1.2.0.14(408) formexeCommand cmdinput command injection

CVE-2024-34738 | Google Android 13/14 AppOpsService.java state issue

CVE-2025-14637 | itsourcecode Online Pet Shop Management System 1.0 /pet1/addcnp.php cnpname sql injection

CVE-2024-31803 | emp-ot 0.2.4 read_pre_data128_from_file buffer overflow