Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Netcore NBR1005GPEV2/NBR200V2/B6V2 network_tools tools_ping command injection
Vulnerability Description
A vulnerability was found in Netcore NBR1005GPEV2, NBR200V2 and B6V2 up to 20250508 and classified as critical. This issue affects the function tools_ping of the file /usr/bin/network_tools. The manipulation of the argument url leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
在命令中使用的特殊元素转义处理不恰当(命令注入)
Vulnerability Title
Netcore多款产品 注入漏洞
Vulnerability Description
Netcore NBR1005GPEV2等都是中国磊科(Netcore)公司的产品。Netcore NBR1005GPEV2是一个全千兆多WAN口POE供电企业AP管理多功能有线路由器。Netcore B6V2是一款全千兆无线路由器。Netcore COVER5是一款企业级路由器。 Netcore多款产品存在注入漏洞,该漏洞源于对文件/usr/bin/network_tools中参数url的错误操作导致命令注入。以下产品及版本受到影响:NBR1005GPEV2、NBR200V2和B6V2 20250508
CVSS Information
N/A
Vulnerability Type
N/A