Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
Command injection vulnerability in the operating system in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2 through the 'GetDNS()', 'CheckPing()' and 'TraceRoute()' functions.
Analysis
Command injection vulnerability in the operating system in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2 through the 'GetDNS()', 'CheckPing()' and 'TraceRoute()' functions.
Technical ContextAI
Command injection allows an attacker to execute arbitrary OS commands on the host system through a vulnerable application that passes user input to system shells. This vulnerability is classified as OS Command Injection (CWE-78).
RemediationAI
Avoid passing user input to system commands. Use language-specific APIs instead of shell commands. If unavoidable, use strict input validation and escaping.
More in Sge Plc1000 Firmware
View allStack-based buffer overflow vulnerability in CircutorSGE-PLC1000/SGE-PLC50 v9.0.2. The 'SetLan' function is invoked when
Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The vulnerability is found in the 'A
Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'SetUserPassword()' function,
Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'ShowMeterPasswords()' functi
Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'ShowMeterDatabase()' functio
Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The 'ShowDownload()' function uses “
Stack-based buffer overflow in Circutor SGE-PLC1000/SGE-PLC50 v0.9.2. This vulnerability allows an attacker to remotely
Heap-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'ShowSupervisorParameters()' f
Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'showMeterReport()' function,
SGE-PLC1000 device, in its 0.9.2b firmware version, does not handle some requests correctly, allowing a remote attacker
Improper Authentication vulnerability in the cookie parameter of Circutor SGE-PLC1000 firmware version 0.9.2b allows an
Use of hardcoded cryptographic keys in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The affected firmware contains a hardcoded
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-200229