This is a summary of the AI-generated 10-question deep analysis.
Q1: What is this vulnerability? (Essence + Consequences)

**Essence**: OS Command Injection in TOPSEC TopACM.
**Consequences**: Attackers can execute arbitrary system commands on the target server.…

**Privileges**: The injected commands likely execute with the privileges of the web service account (often root or a high-privilege user in such appliances).…

**Threshold**: **LOW**.
**Auth**: CVSS Vector `PR:N` indicates **No Privileges Required**.
**Access**: `AV:N` means it is exploitable over the **Network**.…

**Public Exploit**: Yes.
**Evidence**: References include a Feishu doc tagged as 'exploit' and VDB entries (VDB-351077) detailing the HTTP request for `nmc_sync.php`.…

**Self-Check**:
1. Scan for the specific endpoint: `/view/systemConfig/management/nmc_sync.php`.
2. Look for HTTP requests containing the `template_path` parameter.
3. …

**Urgency**: **CRITICAL**.
**CVSS Score**: 9.8 (Critical).
**Priority**: **Immediate Action Required**.
Since it is unauthenticated and remote, automated scanners and bots will likely target this.…