CNNVD-202510-2270 Information

CNNVD ID

CNNVD-202510-2270

Related CVE

CVE-2023-7311

• CNNVD Published: 2025-10-15

Description (Chinese)

BESTWOND Intelligent Flow Control Router是中国百为智能（BESTWOND）公司的一款智能流控路由器。 BESTWOND Intelligent Flow Control Router存在安全漏洞，该漏洞源于未正确验证path参数并将其回显到shell环境中，可能导致执行任意shell命令。

Description (English)

BESTWOND Intelligent Flow Control Router is a smart flow router for 100 smart Chinese companies. There is a security loophole in BESTWOND Intelligent Flow Control Router, which stems from the incorrect validation of the path parameter and its re-emergence in the shell environment, which may lead to the execution of any shell order.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

百为智能

Published

2025-10-15

Last Modified

2026-02-24

References

https://blog.csdn.net/zkaqlaoniao/article/details/134328873 https://github.com/adysec/nuclei_poc/blob/49c283b2bbb244c071786a2b768fbdde1b91f38e/poc/web/bytevalue_goform_webread_open_rce.yaml https://isc.sans.edu/diary/Exploit+against+Unnamed+Bytevalue+router+vulnerability+included+in+Mirai+Bot/30642 https://www.vulncheck.com/advisories/bytevalue-intelligent-flow-control-router-command-injection