CVE-2025-20620

Summary

SQL Injection vulnerability exists in STEALTHONE D220/D340 provided by Y'S corporation. An attacker who can access the affected product may obtain the administrative password of the web management page.

Affected Software

VendorProductVersion RangeStatus
Y’S corporationSTEALTHONE D220firmware v6.03.02 and earlieraffected
Y’S corporationSTEALTHONE D340firmware v6.03.02 and earlieraffected

Weaknesses

  • CWE-89: Improper neutralization of special elements used in an SQL command ('SQL Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References