Primary

Context

Vestel EVC04 SQL Injection Vulnerability in Configuration Interface

Vulnerability

A SQL injection vulnerability has been identified in the Vestel EVC04 Configuration Interface, allowing for improper neutralization of special elements used in SQL commands. This issue affects versions of the EVC04 Configuration Interface through March 18, 2025.

Impact

Exploitation of this vulnerability allows for SQL injection, where an attacker can manipulate SQL queries to the application's database. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.

Remediation

The vulnerability has not yet been addressed by the manufacturer. The National Cyber Incident Response Center (USOM) recommends users and system administrators consider using alternative software.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

2.5

exploitability

7.0

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

2.5

exploitability

7.0

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vestel EVC04 SQL Injection Vulnerability in Configuration Interface

Vulnerability

Impact

Remediation

Affected Products

Vestel EVC04 Configuration Interface

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating