Radiflow iSAP Smart Collector OS Command Injection Vulnerability
Vulnerability
A command injection vulnerability has been identified in Radiflow iSAP Smart Collector, specifically in versions running on CentOS 7 with VSAP 1.20. The vulnerability arises from two unauthenticated REST APIs exposed by the device's web servers on TCP ports 8084 and 8086. An attacker with access to the management network can exploit this vulnerability to execute arbitrary commands with administrative privileges on the underlying operating system.
Impact
Exploitation of this vulnerability allows for arbitrary command execution on the affected system, with administrative rights.
Added: Jul 9, 2025, 9:17 AM
Updated: Jul 9, 2025, 9:17 AM
Vulnerability Rating
Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 6.6
remediation: 0.0
relevance: 0.2
threat: 0.1
urgency: 2.9
incentive: 1.7
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
