CVE-2025-3002

A vulnerability, which was classified as critical, has been found in Digital China DCME-520 up to 20250320. This issue affects some unknown processing of the file /usr/local/WWW/function/audit/newstatistics/mon_merge_stat_hist.php. The manipulation of the argument type_name leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Configurations

No configuration.

History

31 Mar 2025, 19:15

Type Values Removed Values Added
References () https://github.com/Fizz-L/CVE1/blob/main/DCME-520%20Remote%20command%20execution.md - () https://github.com/Fizz-L/CVE1/blob/main/DCME-520%20Remote%20command%20execution.md -

31 Mar 2025, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-03-31 16:15

Updated : 2025-04-01 20:26


NVD link : CVE-2025-3002

Mitre link : CVE-2025-3002

CVE.ORG link : CVE-2025-3002


JSON object : View

Products Affected

No product.

CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')