← voltar
CVE-2025-3002

Digital China DCME-520 mon_merge_stat_hist.php os command injection

CVSS 6.9 MEDIUMEPSS 16.4%CWE-77CWE-78
Vexday Risk Score
18Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 6.9EPSS 16.4%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
31 mar 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
A vulnerability, which was classified as critical, has been found in Digital China DCME-520 up to 20250320. This issue affects some unknown processing of the file /usr/local/WWW/function/audit/newstatistics/mon_merge_stat_hist.php. The manipulation of the argument type_name leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
Produtos afetados
Digital China · DCME-520

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/Fizz-L/CVE1/blob/main/DCME-520%20Remote%20command%20execution.mdhttps://vuldb.com/?ctiid.302051https://vuldb.com/?id.302051https://vuldb.com/?submit.524225