CVE-2025-11910

A security vulnerability has been detected in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. This affects the function Query of the file /MemoryState.do?Action=Query. The manipulation of the argument orderField leads to sql injection. It is possible to initiate the attack remotely. The explo...

CVE-2025-11912

CVE-2025-11912 affects Shenzhen Ruiming Technology’s Streamax Crocus v1.3.40. The vulnerability resides in the Query function of /DeviceState.do (Action=Query), where manipulating the orderField parameter enables SQL injection. It can be triggered remotely, and published exploits exist. Multiple ...

CVE-2025-11911

CVE-2025-11911 affects Shenzhen Ruiming Technology’s Streamax Crocus 1.3.40. The vulnerability resides in the function handling the URL path /DeviceFault.do?Action=Query, where manipulating the argument sortField triggers a SQL injection. It is exploitable remotely, and public exploits exist. Mul...

CVE-2025-11909

A weakness has been identified in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. The impacted element is the function queryLast of the file /RepairRecord.do?Action=QueryLast. Executing manipulation of the argument orderField can lead to sql injection. The attack may be performed from remote...

CVE-2025-11908 Shenzhen Ruiming Technology Streamax Crocus FileDir.do uploadFile unrestricted upload

A security flaw has been discovered in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. The affected element is the function uploadFile of the file /FileDir.do?Action=Upload. Performing manipulation of the argument File results in unrestricted upload. The attack is possible to be carried out...