Lucene search
K
StreamaxStreamax Crocus

7 matches found

CVE
CVE
added 2025/10/17 8:2 p.m.21 views

CVE-2025-11912

CVE-2025-11912 affects Shenzhen Ruiming Technology’s Streamax Crocus v1.3.40. The vulnerability resides in the Query function of /DeviceState.do (Action=Query), where manipulating the orderField parameter enables SQL injection. It can be triggered remotely, and published exploits exist. Multiple ...

8.8CVSS6.5AI score0.0045EPSS
CVE
CVE
added 2025/10/17 8:32 p.m.20 views

CVE-2025-11914

The CVE-2025-11914 entry concerns Shenzhen Ruiming Technology Streamax Crocus 1.3.40. The Vulnerable component is the Download function at /DeviceFileReport.do?Action=Download, where manipulating the FilePath argument enables path traversal. The attack could be initiated remotely, and public expl...

7.5CVSS6.4AI score0.00813EPSS
CVE
CVE
added 2025/10/17 6:32 p.m.14 views

CVE-2025-11908

The CVE-2025-11908 entry describes a remote, unrestricted file-upload flaw in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. The vulnerable component is the uploadFile function under the endpoint /FileDir.do?Action=Upload; malicious manipulation of the File argument enables unrestricted file...

8.8CVSS6.4AI score0.00454EPSS
CVE
CVE
added 2025/10/17 7:32 p.m.12 views

CVE-2025-11911

CVE-2025-11911 affects Shenzhen Ruiming Technology’s Streamax Crocus 1.3.40. The vulnerability resides in the function handling the URL path /DeviceFault.do?Action=Query, where manipulating the argument sortField triggers a SQL injection. It is exploitable remotely, and public exploits exist. Mul...

8.8CVSS6.7AI score0.0045EPSS
CVE
CVE
added 2025/10/17 8:2 p.m.12 views

CVE-2025-11913

CVE-2025-11913 affects Shenzhen Ruiming Technology Streamax Crocus 1.3.40. The vulnerability is in the Download function of the file /Service.do?Action=Download, where manipulation of the Path argument leads to path traversal. It can be exploited remotely and the exploit has been disclosed public...

6.5CVSS6.5AI score0.00783EPSS
CVE
CVE
added 2025/10/17 6:32 p.m.10 views

CVE-2025-11909

CVE-2025-11909 affects Shenzhen Ruiming Technology Streamax Crocus (v1.3.40). The vulnerable element is the function queryLast in /RepairRecord.do?Action=QueryLast, where manipulating the argument orderField enables SQL injection. The flaw can be exploited remotely and public PoCs exist. Affected...

8.8CVSS6.5AI score0.0045EPSS
CVE
CVE
added 2025/10/17 7:32 p.m.10 views

CVE-2025-11910

CVE-2025-11910 affects Shenzhen Ruiming Technology Streamax Crocus 1.3.40. The vulnerability lies in the function Query of the file /MemoryState.do?Action=Query, where manipulating the argument orderField enables a SQL injection. The issue is exploitable remotely, and public exploit information h...

8.8CVSS6.7AI score0.0045EPSS