exploitDog

CVE-2025-11779

Опубликовано: 02 дек. 2025

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

Stack-based buffer overflow vulnerability in CircutorSGE-PLC1000/SGE-PLC50 v9.0.2. The 'SetLan' function is invoked when a new configuration is applied. This new configuration function is activated by a management web request, which can be invoked by a user when making changes to the 'index.cgi' web application. The parameters are not being sanitised, which could lead to command injection.

Ссылки

https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-circutor-products-0
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:circutor:sge-plc1000_firmware:9.0.2:*:*:*:*:*:*:*

cpe:2.3:h:circutor:sge-plc1000:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:circutor:sge-plc50_firmware:9.0.2:*:*:*:*:*:*:*

cpe:2.3:h:circutor:sge-plc50:-:*:*:*:*:*:*:*

EPSS

Процентиль: 84%

0.02122

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-121

Связанные уязвимости

GHSA-fggc-v5pw-8q2g

CVSS3: 9.8

github

17 дней назад

Stack-based buffer overflow vulnerability in CircutorSGE-PLC1000/SGE-PLC50 v9.0.2. The 'SetLan' function is invoked when a new configuration is applied. This new configuration function is activated by a management web request, which can be invoked by a user when making changes to the 'index.cgi' web application. The parameters are not being sanitised, which could lead to command injection.

EPSS

Процентиль: 84%

0.02122

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-121