Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
7DescriptionCVE.org
A vulnerability was found in Acrel Environmental Monitoring Cloud Platform 1.1.0. This issue affects some unknown processing. Performing a manipulation results in unrestricted upload. The attack may be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
An unrestricted file upload vulnerability exists in Acrel Environmental Monitoring Cloud Platform version 1.1.0, allowing unauthenticated remote attackers to upload arbitrary files to the system. The vendor was notified but did not respond, and a public proof-of-concept exploit is available on GitHub. With a CVSS score of 7.3 and public exploit code, this presents an elevated risk for organizations using the affected platform.
Technical ContextAI
This vulnerability is rooted in CWE-434 (Unrestricted Upload of File with Dangerous Type), affecting the Acrel Environmental Monitoring Cloud Platform version 1.1.0 (CPE: cpe:2.3:a:acrel:environmental_monitoring_cloud_platform:*:*:*:*:*:*:*:*). The platform fails to properly validate or restrict file uploads in some unknown processing component, allowing attackers to upload files with malicious content or dangerous file types. Environmental monitoring cloud platforms typically handle sensor data, alerts, and control systems for building or industrial environments, making them critical infrastructure targets. The lack of file type validation, content scanning, or upload restrictions enables attackers to bypass security controls and potentially execute arbitrary code or compromise system integrity.
RemediationAI
No official patch or vendor advisory is available as Acrel Co., Ltd. did not respond to vulnerability disclosure attempts. Organizations using Acrel Environmental Monitoring Cloud Platform 1.1.0 should immediately implement compensating controls including: restricting network access to the platform to trusted IP ranges only via firewall rules or VPN, implementing a web application firewall (WAF) with strict file upload filtering rules to block unauthorized file types, disabling or removing file upload functionality if not operationally required, and monitoring system logs for unusual file upload attempts or unauthorized files in upload directories. Consider migrating to an alternative environmental monitoring solution from a responsive vendor. Reference the public exploit at https://github.com/LTX-GOD/Mycve/blob/main/Acrel_Co_Ltd.md to understand attack patterns and adjust defensive measures accordingly.
Same technique File Upload
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-14278
GHSA-8h86-g282-cx65