VYPR

Crocus

by Shenzhen Ruiming Technology

CVEs (2)

  • CVE-2025-11912MedOct 17, 2025
    risk 0.41cvss 6.3epss 0.00

    A flaw has been found in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. Affected is the function Query of the file /DeviceState.do?Action=Query. This manipulation of the argument orderField causes sql injection. The attack can be initiated remotely. The exploit has been…

  • CVE-2025-11911MedOct 17, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was detected in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. This impacts the function Query of the file /DeviceFault.do?Action=Query. The manipulation of the argument sortField results in sql injection. It is possible to launch the attack remotely. The…