Shenzhen Ruiming Technology Streamax Crocus SQL Injection Vulnerability in DevicePrint.do Component

Vulnerability

A critical SQL injection vulnerability has been identified in the Streamax Crocus O&M Platform version 1.3.44. The issue arises in the DevicePrint.do file, specifically within the Parameter Handler component, where the State parameter is not properly validated. This vulnerability allows remote, unauthenticated attackers to execute arbitrary SQL commands. Exploitation can be achieved by bypassing login requirements with a manipulated base64-encoded cookie, which decodes to a user ID of 1. Attackers can use time-based blind injection techniques to extract sensitive data from the system, potentially compromising the entire database server.
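For defenders reviewing web server logs, the following added example (not part of the original advisory and not vendor code) flags requests to DevicePrint.do whose State parameter contains unexpected characters or SQL delay functions, and correlates them with slow responses, which is the signature of time-based blind injection. The log layout, the request path prefix, the allowlist for legitimate State values and the 3-second threshold are assumptions; the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: legitimate State values are short alphanumeric tokens.
SAFE_STATE = re.compile(r"^[A-Za-z0-9_-]{1,32}$")
# Delay primitives commonly seen in time-based blind SQL injection probes.
DELAY_FUNCS = re.compile(
    r"sleep\s*\(|benchmark\s*\(|waitfor\s+delay|pg_sleep\s*\(", re.I)
# Assumed log layout: client "METHOD URI PROTO" status request_seconds
LOG_LINE = re.compile(r'^(\S+) "(\S+) (\S+) [^"]*" (\d{3}) ([\d.]+)$')
SLOW_SECONDS = 3.0  # assumed threshold for a suspiciously slow response

# Constructed sample log lines (not taken from a real system).
SAMPLE_LOG = """\
198.51.100.7 "GET /DevicePrint.do?State=2 HTTP/1.1" 200 0.041
203.0.113.9 "GET /DevicePrint.do?State=1%27%20AND%20SLEEP(5)--%20 HTTP/1.1" 200 5.012
203.0.113.9 "GET /DevicePrint.do?State=1%20OR%201=1 HTTP/1.1" 200 0.050
198.51.100.7 "GET /index.html?State=x%27 HTTP/1.1" 200 0.030
"""

def classify(line):
    """Return (client, findings) for a suspicious DevicePrint.do request, else None."""
    m = LOG_LINE.match(line.strip())
    if not m:
        return None
    client, _method, uri, _status, seconds = m.groups()
    parts = urlsplit(uri)
    if not parts.path.lower().endswith("deviceprint.do"):
        return None
    findings = []
    # parse_qs URL-decodes the value, so encoded quotes and spaces are seen as-is.
    for value in parse_qs(parts.query, keep_blank_values=True).get("State", []):
        if not SAFE_STATE.match(value):
            findings.append("unexpected-characters")
        if DELAY_FUNCS.search(value):
            findings.append("delay-function")
    # A slow response alone is noise; it only matters alongside a bad State value.
    if findings and float(seconds) >= SLOW_SECONDS:
        findings.append("slow-response")
    return (client, findings) if findings else None

def scan(text):
    """Classify every log line and return only the suspicious hits."""
    return [hit for hit in map(classify, text.splitlines()) if hit]

if __name__ == "__main__":
    for client, findings in scan(SAMPLE_LOG):
        print(client, ",".join(findings))
```

This only inspects query strings in the request line; if State is sent in a request body, the same checks would have to run at a WAF or application layer where the body is visible.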

Impact

Exploitation of this vulnerability allows for arbitrary SQL command execution, with the possibility of extracting sensitive system data and compromising the entire database server.

Added: Mar 27, 2026, 3:30 PM
Updated: Mar 27, 2026, 3:30 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 3.1
exploitability: 8.7
remediation: 0.0
relevance: 4.8
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.