Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
HomeAutomation 3.3.2 suffers from an authenticated OS command execution vulnerability using custom command v0.1 plugin. This can be exploited with a CSRF vulnerability to execute arbitrary shell commands as the web user via the 'set_command_on' and 'set_command_off' POST parameters in '/system/systemplugins/customcommand/customcommand.plugin.php' by using an unsanitized PHP exec() function.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Subreddit Home Automation 操作系统命令注入漏洞
Vulnerability Description
Subreddit Home Automation是Subreddit社区的一个自动化设备。一个自动化电灯。 Subreddit Home Automation 3.3.2 存在安全漏洞,该漏洞源于custom command v0.1 plugin的验证操作系统命令执行。
CVSS Information
N/A
Vulnerability Type
N/A