CVE-2025-11912 | Shenzhen Ruiming Technology Streamax Crocus 1.3.40 DeviceState.do?Action=Query orderField sql injection

A vulnerability was found in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. It has been classified as critical. Affected is the function Query of the file /DeviceState.do?Action=Query. This manipulation of the argument orderField causes sql injection.

This vulnerability is handled as CVE-2025-11912. The attack can be initiated remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More