7 matches found
CVE-2025-11912
CVE-2025-11912 affects Shenzhen Ruiming Technology’s Streamax Crocus v1.3.40. The vulnerability resides in the Query function of /DeviceState.do (Action=Query), where manipulating the orderField parameter enables SQL injection. It can be triggered remotely, and published exploits exist. Multiple ...
CVE-2025-11914
The CVE-2025-11914 entry concerns Shenzhen Ruiming Technology Streamax Crocus 1.3.40. The Vulnerable component is the Download function at /DeviceFileReport.do?Action=Download, where manipulating the FilePath argument enables path traversal. The attack could be initiated remotely, and public expl...
CVE-2025-11908
The CVE-2025-11908 entry describes a remote, unrestricted file-upload flaw in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. The vulnerable component is the uploadFile function under the endpoint /FileDir.do?Action=Upload; malicious manipulation of the File argument enables unrestricted file...
CVE-2025-11911
CVE-2025-11911 affects Shenzhen Ruiming Technology’s Streamax Crocus 1.3.40. The vulnerability resides in the function handling the URL path /DeviceFault.do?Action=Query, where manipulating the argument sortField triggers a SQL injection. It is exploitable remotely, and public exploits exist. Mul...
CVE-2025-11913
CVE-2025-11913 affects Shenzhen Ruiming Technology Streamax Crocus 1.3.40. The vulnerability is in the Download function of the file /Service.do?Action=Download, where manipulation of the Path argument leads to path traversal. It can be exploited remotely and the exploit has been disclosed public...
CVE-2025-11909
CVE-2025-11909 affects Shenzhen Ruiming Technology Streamax Crocus (v1.3.40). The vulnerable element is the function queryLast in /RepairRecord.do?Action=QueryLast, where manipulating the argument orderField enables SQL injection. The flaw can be exploited remotely and public PoCs exist. Affected...
CVE-2025-11910
CVE-2025-11910 affects Shenzhen Ruiming Technology Streamax Crocus 1.3.40. The vulnerability lies in the function Query of the file /MemoryState.do?Action=Query, where manipulating the argument orderField enables a SQL injection. The issue is exploitable remotely, and public exploit information h...