VYPR

Streamax Crocus

by Streamax

CVEs (10)

  • CVE-2026-4956HigMar 27, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was detected in Shenzhen Ruiming Technology Streamax Crocus 1.3.44. The affected element is an unknown function of the file /DevicePrint.do?Action=ReadTask of the component Parameter Handler. The manipulation of the argument State results in sql injection. The…

  • CVE-2026-4955HigMar 27, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was found in Shenzhen Ruiming Technology Streamax Crocus 1.3.44. This impacts an unknown function of the file /OperateStatistic.do. The manipulation of the argument VehicleID results in sql injection. The attack can be launched remotely. The exploit has been made…

  • CVE-2026-4910HigMar 27, 2026
    risk 0.47cvss 7.3epss 0.00

    A security vulnerability has been detected in Shenzhen Ruiming Technology Streamax Crocus up to 1.3.44. Affected is an unknown function of the file /RemoteFormat.do of the component Endpoint. Such manipulation of the argument State leads to sql injection. It is possible to…

  • CVE-2025-11912MedOct 17, 2025
    risk 0.41cvss 6.3epss 0.00

    A flaw has been found in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. Affected is the function Query of the file /DeviceState.do?Action=Query. This manipulation of the argument orderField causes sql injection. The attack can be initiated remotely. The exploit has been…

  • CVE-2025-11911MedOct 17, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was detected in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. This impacts the function Query of the file /DeviceFault.do?Action=Query. The manipulation of the argument sortField results in sql injection. It is possible to launch the attack remotely. The…

  • CVE-2025-11910MedOct 17, 2025
    risk 0.41cvss 6.3epss 0.00

    A security vulnerability has been detected in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. This affects the function Query of the file /MemoryState.do?Action=Query. The manipulation of the argument orderField leads to sql injection. It is possible to initiate the attack…

  • CVE-2025-11909MedOct 17, 2025
    risk 0.41cvss 6.3epss 0.00

    A weakness has been identified in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. The impacted element is the function queryLast of the file /RepairRecord.do?Action=QueryLast. Executing manipulation of the argument orderField can lead to sql injection. The attack may be…

  • CVE-2025-11908MedOct 17, 2025
    risk 0.41cvss 6.3epss 0.00

    A security flaw has been discovered in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. The affected element is the function uploadFile of the file /FileDir.do?Action=Upload. Performing manipulation of the argument File results in unrestricted upload. The attack is possible…

  • CVE-2025-11914MedOct 17, 2025
    risk 0.28cvss 4.3epss 0.01

    A vulnerability was found in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. Affected by this issue is the function Download of the file /DeviceFileReport.do?Action=Download. Performing manipulation of the argument FilePath results in path traversal. The attack may be…

  • CVE-2025-11913MedOct 17, 2025
    risk 0.28cvss 4.3epss 0.01

    A vulnerability has been found in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. Affected by this vulnerability is the function Download of the file /Service.do?Action=Download. Such manipulation of the argument Path leads to path traversal. The attack can be launched…