| Title | 深圳市锐明技术股份有限公司 Crocus 1.3.40 Unrestricted Upload |
|---|
| Description | Shenzhen Ruiming Technology Co., Ltd. is a provider of intelligent IoT (AIoT) solutions for commercial vehicles, specializing in AI and video technologies. The Crocus system is one of its core products. Designed to leverage artificial intelligence (AI), high-definition (HD) video, big data, and autonomous driving technologies, the Crocus system helps commercial vehicles reduce traffic accidents and cargo loss, while improving the operational efficiency of enterprises or fleets.
However, the FileDir.do interface of Ruiming Technology's Crocus system has an arbitrary file upload vulnerability. Attackers can exploit this vulnerability to upload malicious scripts, which may result in server takeover. |
|---|
| Source | ⚠️ https://github.com/FightingLzn9/vul/blob/main/%E6%B7%B1%E5%9C%B3%E5%B8%82%E9%94%90%E6%98%8E%E6%8A%80%E6%9C%AF%E8%82%A1%E4%BB%BD%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8Crocus%E7%B3%BB%E7%BB%9F.md |
|---|
| User | nu11 (UID 81380) |
|---|
| Submission | 10/08/2025 12:35 (9 months ago) |
|---|
| Moderation | 10/17/2025 15:02 (9 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 328918 [Shenzhen Ruiming Technology Streamax Crocus 1.3.40 FileDir.do?Action=Upload uploadFile unrestricted upload] |
|---|
| Points | 20 |
|---|