CNNVD-202510-2471 Information
CNNVD ID
CNNVD-202510-2471
Related CVE
- CNNVD Published: 2025-10-17
Description (Chinese)
Streamax Crocus是中国锐明(Streamax)公司的一个用于减少商用车减少交通事故和货物丢失的系统。 Streamax Crocus 1.3.40版本存在代码问题漏洞,该漏洞源于对文件/FileDir.do中参数File的错误操作,可能导致任意文件上传攻击。
Description (English)
Streamax Crocus is a system used by Straamax China to reduce traffic accidents and cargo losses in commercial vehicles. There is a code problem loophole in the Straamax Crocus 1.3.40 version, which stems from an error of action on File, the parameter in file/FileDir.do, which could lead to an attack on the upload of any document.
Hazard Level
High
Vulnerability Type
代码问题
Affected Vendor
锐明
Published
2025-10-17
Last Modified
2026-02-24
References
https://vuldb.com/?ctiid.328918 https://vuldb.com/?id.328918 https://github.com/FightingLzn9/vul/blob/main/%E6%B7%B1%E5%9C%B3%E5%B8%82%E9%94%90%E6%98%8E%E6%8A%80%E6%9C%AF%E8%82%A1%E4%BB%BD%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8Crocus%E7%B3%BB%E7%BB%9F.md https://vuldb.com/?submit.671391 https://access.redhat.com/security/cve/cve-2025-11908
Share on: