4 matches found
CVE-2025-11786
Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'SetUserPassword' function, the 'newPassword' parameter is directly embedded in a shell command string using 'sprintf' without any sanitisation or validation, and then executed using 'system'. This allows a...
CVE-2025-11786
CVE-2025-11786 affects Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The root cause is in SetUserPassword(): the input parameter newPassword is inserted into a shell command string using sprintf() without sanitisation and then executed with system() . This enables a potential attacker to inject arbitrar...
CVE-2025-11786 Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50
Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'SetUserPassword' function, the 'newPassword' parameter is directly embedded in a shell command string using 'sprintf' without any sanitisation or validation, and then executed using 'system'. This allows a...
CIRCUTOR SGE-PLC1000和CIRCUTOR SGE-PLC50 安全漏洞
The CIRCUTOR SGE-PLC1000 and CIRCUTOR SGE-PLC50 are both a network concentrator from CIRCUTOR Spain. A security vulnerability exists in the CIRCUTOR SGE-PLC1000 and CIRCUTOR SGE-PLC50 version v9.0.2, which stems from the SetUserPassword function not clearing the newPassword parameter, which could...