Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper Neutralization of Special Elements used in a Command ('Command Injection') in Tigo Energy Cloud Connect Advanced
Vulnerability Description
Tigo Energy's CCA is vulnerable to a command injection vulnerability in the /cgi-bin/mobile_api endpoint when the DEVICE_PING command is called, allowing remote code execution due to improper handling of user input. When used with default credentials, this enables attackers to execute arbitrary commands on the device that could cause potential unauthorized access, service disruption, and data exposure.
CVSS Information
N/A
Vulnerability Type
在命令中使用的特殊元素转义处理不恰当(命令注入)
Vulnerability Title
Tigo Energy Cloud Connect Advanced 命令注入漏洞
Vulnerability Description
Tigo Energy Cloud Connect Advanced是美国Tigo Energy公司的一款紧凑型数据记录器。 Tigo Energy Cloud Connect Advanced存在命令注入漏洞,该漏洞源于命令注入,可能导致远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A