| tiêu đề | Hangzhou Synway Digital Information Technology Co.,Ltd. SMG Gateway Management Software 9-12ping.php Command Injection |
|---|
| Mô tả | The `9-12ping.php` file in Hangzhou Sanhui SMG Gateway Management Software is vulnerable to command execution. Attackers can exploit this vulnerability by crafting specific HTTP POST requests to execute arbitrary commands on the target system. This vulnerability can be exploited **without authentication** and affects multiple assets, as confirmed by FOFA search results (853 entries with the title "Gateway Management Software").
Arbitrary Command Execution: Attackers can execute system commands to gain full control over the target device.
Sensitive Information Disclosure: Commands may be used to retrieve sensitive data (e.g., configurations, credentials).
Service Disruption: Malicious commands could crash the device or disrupt critical operations. |
|---|
| Nguồn | ⚠️ https://github.com/stevenchen0x01/CVE/issues/1 |
|---|
| Người dùng | Steven_Dra3w (UID 76559) |
|---|
| Đệ trình | 04/02/2025 13:30 (cách đây 1 Năm) |
|---|
| Kiểm duyệt | 18/02/2025 16:58 (14 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 296135 [Synway SMG Gateway Management Software đến 20250204 9-12ping.php retry nâng cao đặc quyền] |
|---|
| điểm | 20 |
|---|