CNNVD-202511-1362 Information

Nov 12, 2025 cve

CNNVD ID

CNNVD-202511-1362

CVE-2021-4463

CNNVD Published: 2025-11-12

Description (Chinese)

Longjing BEMS API是中国龙净（Longjing）公司的一个电池能量管理系统的接口。 Longjing BEMS API 1.21及之前版本存在安全漏洞，该漏洞源于downloads端点存在任意文件下载问题，可能导致访问敏感文件。

Description (English)

Longjing BEMS API is an interface for a battery energy management system at Longjing. Longjing BEMS API 1.21 and previous versions had a security loophole resulting from random downloads of documents at the downloads endpoint, which could lead to access to sensitive documents.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

龙净

Published

2025-11-12

Last Modified

2026-02-24

References

https://packetstormsecurity.com/files/163702 http://www.ljkj2012.com/ https://web.archive.org/web/20220527162453/ https://www.exploit-db.com/exploits/50163 https://www.vulncheck.com/advisories/longjing-technology-bems-api-remote-arbitrary-file-download https://exchange.xforce.ibmcloud.com/vulnerabilities/206477 https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5657.php https://cxsecurity.com/issue/WLB-2021070173 https://access.redhat.com/security/cve/cve-2021-4463

Share on: