SGE-PLC1000 device, in its 0.9.2b firmware version, does not handle some requests correctly, allowing a remote attacker to inject code into the operating system with maximum privileges.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HCircutor Sge Plc1000
HWCircutorwszystkie wersjeCircutor Sge Plc1000 Firmware
OSCircutor0.9.2b
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Command Injection
Related vulnerabilities
CVE-2025-11778CRITICAL10.0PL ✓ten sam produkt
Stack-based buffer overflow w Circutor SGE-PLC1000/SGE-PLC50 (TACACS+)
CVE-2025-11779CRITICAL9.4PL ✓ten sam produkt
Stack-based buffer overflow w Circutor SGE-PLC1000/SGE-PLC50 via SetLan
CVE-2025-11780HIGH8.7ten sam produkt
Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'showMeterReport()'...
CVE-2025-11781HIGH8.6ten sam produkt
Use of hardcoded cryptographic keys in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The affected firmware contains a...
CVE-2025-11782HIGH8.5ten sam produkt
Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The 'ShowDownload()' funct...