Description
The ChangingTec ServiSign component insufficiently filters special characters in the connection response parameter. An unauthenticated remote attacker can host a malicious website for a user of the component to visit, which triggers command injection and allows the attacker to execute arbitrary system commands to perform arbitrary system operations or disrupt service.
References (1)
Core References
Third Party Advisory, VDB Entry
https://www.twcert.org.tw/tw/cp-132-6800-b5cf6-1.html
Scores
CVSS v3: 8.8
EPSS: 0.0151
EPSS Percentile: 71.2%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total
Details
CWE: CWE-78
Status: published
Products (1): changingtec/servisign
Published: Jan 03, 2023
Tracked Since: Feb 18, 2026