CNNVD-202512-1757 Information
CNNVD ID
CNNVD-202512-1757
Related CVE
- CNNVD Published: 2025-12-10
Description (Chinese)
Neuron是EMQ开源的一款工业物联网(IIoT)连接服务器。用于现代大数据和 AI/ML 技术,以利用工业 4.0 的力量。 Neuron 2.8.11及之前版本存在代码注入漏洞,该漏洞源于MySQLSelectTool存在只读绕过漏洞,可能导致攻击者写入任意文件。
Description (English)
Neuron is an industrial network (IIOT) connection server for the EMQ open source. For modern big data and AI/ML technology to harness the power of industry 4.0. Neuron 2.8.11 and earlier versions had a code-infusion loophole, which stemmed from MySQLSelectTool ’ s reading-only loophole, which could have led to the attackers writing into any document.
Hazard Level
Medium
Vulnerability Type
代码注入
Affected Vendor
EMQ
Published
2025-12-10
Last Modified
2026-02-24
References
https://github.com/neuron-core/neuron-ai/commit/72735d0ea133266cf2f5d5d195d41e9dd865289a https://github.com/neuron-core/neuron-ai/releases/tag/2.8.12 https://github.com/neuron-core/neuron-ai/security/advisories/GHSA-j8g6-5gqc-mq36
Patch
https://github.com/neuron-core/neuron-ai/releases
Share on: