CVE-2025-1448

HIGH EXPLOITED

Synway SMG Gateway Management Software <20250204 - Command Injection

Title source: llm

Exploitation Summary

CVE-2025-1448 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including iSee857.

AI-analyzed exploit summary The repository contains a functional exploit for CVE-2026-22812, demonstrating remote command execution (RCE) in OpenCode by leveraging session creation and command injection via the shell endpoint. The script includes multi-threaded scanning capabilities and validates vulnerability by checking for 'uid=' and 'gid=' in the response.

Description

A vulnerability was found in Synway SMG Gateway Management Software up to 20250204. It has been rated as critical. This issue affects some unknown processing of the file 9-12ping.php. The manipulation of the argument retry leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Exploits (1)

github WORKING POC 40 stars

by iSee857 · pythonpoc

https://github.com/iSee857/CVE-PoC/tree/main/sanhui-gateway-9-12ping-rce-CVE-2025-1448.py

View Code ZIP pw:eip

The repository contains a functional exploit for CVE-2026-22812, demonstrating remote command execution (RCE) in OpenCode by leveraging session creation and command injection via the shell endpoint. The script includes multi-threaded scanning capabilities and validates vulnerability by checking for 'uid=' and 'gid=' in the response.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: OpenCode (version not specified)

No auth needed

Prerequisites: Network access to the target · OpenCode service running on the target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 27, 2026 Full analysis →

References (4)

Core 4

Core References

Permissions Required, VDB Entry vdb-entry technical-description

https://vuldb.com/?id.296135

Permissions Required, VDB Entry signature permissions-required

https://vuldb.com/?ctiid.296135

Permissions Required, VDB Entry third-party-advisory

https://vuldb.com/?submit.494788

Issue Tracking exploit issue-tracking

https://github.com/stevenchen0x01/CVE/issues/1

Scores

CVSS v3 7.3

EPSS 0.0091

EPSS Percentile 76.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

VulnCheck KEV 2026-05-18

CWE

CWE-74 CWE-77

Status published

Products (1)

Synway/SMG Gateway Management Software 20250204

Published Feb 19, 2025

Tracked Since Feb 18, 2026