| 제목 | 深圳市锐明技术股份有限公司 Crocus 1.3.40 Unrestricted Upload |
|---|
| 설명 | Shenzhen Ruiming Technology Co., Ltd. is a provider of intelligent IoT (AIoT) solutions for commercial vehicles, specializing in AI and video technologies. The Crocus system is one of its core products. Designed to leverage artificial intelligence (AI), high-definition (HD) video, big data, and autonomous driving technologies, the Crocus system helps commercial vehicles reduce traffic accidents and cargo loss, while improving the operational efficiency of enterprises or fleets.
However, the FileDir.do interface of Ruiming Technology's Crocus system has an arbitrary file upload vulnerability. Attackers can exploit this vulnerability to upload malicious scripts, which may result in server takeover. |
|---|
| 원천 | ⚠️ https://github.com/FightingLzn9/vul/blob/main/%E6%B7%B1%E5%9C%B3%E5%B8%82%E9%94%90%E6%98%8E%E6%8A%80%E6%9C%AF%E8%82%A1%E4%BB%BD%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8Crocus%E7%B3%BB%E7%BB%9F.md |
|---|
| 사용자 | nu11 (UID 81380) |
|---|
| 제출 | 2025. 10. 08. PM 12:35 (9 개월 ago) |
|---|
| 모더레이션 | 2025. 10. 17. PM 03:02 (9 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 328918 [Shenzhen Ruiming Technology Streamax Crocus 1.3.40 FileDir.do?Action=Upload uploadFile 파일 권한 상승] |
|---|
| 포인트들 | 20 |
|---|