CNNVD-202512-5120 Information
CNNVD ID
CNNVD-202512-5120
Related CVE
- CNNVD Published: 2025-12-30
Description (Chinese)
FastBee是中国FastBee开源的一个物联网平台。 FastBee 2.1及之前版本存在代码问题漏洞,该漏洞源于对组件SIP Message Handler中文件springboot/fastbee-server/sip-server/src/main/java/com/fastbee/sip/handler/req/ReqAbstractHandler.java的错误操作,可能导致XML外部实体引用攻击。
Description (English)
FastBee is a platform for the networking of objects from the open source of FastBee in China. FastBee 2.1 and previous versions had a code problem loophole, which stemmed from a mishandling of document Springboot/fastbee-server/sip-server/src/main/java/com/fastbee/sip/handler/req/ReqAbstracthandler.java in component SIP Message Handler, which could lead to an attack by an external XML entity.
Hazard Level
High
Vulnerability Type
代码问题
Affected Vendor
FastBee
Published
2025-12-30
Last Modified
2026-02-24
References
https://gitee.com/beecue/fastbee/issues/ID7HNZ https://gitee.com/beecue/fastbee/issues/ID7HNZ#note_47777408_link https://vuldb.com/?ctiid.338641 https://vuldb.com/?id.338641
Share on: