CVE-2025-20620

HIGH

STEALTHONE D220/D340 - SQL Injection

Title source: llm
STIX 2.1

Description

SQL Injection vulnerability exists in STEALTHONE D220/D340 provided by Y'S corporation. An attacker who can access the affected product may obtain the administrative password of the web management page.

Scores

CVSS v3 7.5
EPSS 0.0039
EPSS Percentile 30.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-89
Status published
Products (2)
Y'S corporation/STEALTHONE D220 firmware v6.03.02 and earlier
Y'S corporation/STEALTHONE D340 firmware v6.03.02 and earlier
Published Jan 14, 2025
Tracked Since Feb 18, 2026