CNNVD-202602-2198 Information

CNNVD ID

CNNVD-202602-2198

Related CVE

CVE-2026-26335

• CNNVD Published: 2026-02-13

Description (Chinese)

Calero VeraSMART是美国Calero公司的一个电话计费软件。 Calero VeraSMART 2022 R1之前版本存在安全漏洞，该漏洞源于使用静态的ASP.NET/IIS machineKey值，可能导致攻击者构造有效的ASP.NET ViewState有效载荷，进而导致服务器端反序列化和远程代码执行。

Description (English)

Calero VeraSMART is a telephone billing software for the United States company Calero. The pre-Calero VeraSMART 2022 R1 version had a security loophole, which stemmed from the use of static ASP.NET/IIS MachineKey values, which could lead the attackers to construct an effective ASP.NET Viewstate payload, leading to back-serialization of the server end and remote code execution.

Vulnerability Type

其他

Affected Vendor

Calero

Published

2026-02-13

Last Modified

2026-02-24

References

https://www.calero.com/ https://www.vulncheck.com/advisories/calero-verasmart-2022-r1-static-iis-machine-keys-enable-viewstate-rce