CVE-2026-4910

Summary

A security vulnerability has been detected in Shenzhen Ruiming Technology Streamax Crocus up to 1.3.44. Affected is an unknown function of the file /RemoteFormat.do of the component Endpoint. Such manipulation of the argument State leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected Software

VendorProductVersion RangeStatus
Shenzhen Ruiming TechnologyStreamax Crocus1.3.0affected
Shenzhen Ruiming TechnologyStreamax Crocus1.3.1affected
Shenzhen Ruiming TechnologyStreamax Crocus1.3.2affected
Shenzhen Ruiming TechnologyStreamax Crocus1.3.3affected
Shenzhen Ruiming TechnologyStreamax Crocus1.3.4affected
Shenzhen Ruiming TechnologyStreamax Crocus1.3.5affected
Shenzhen Ruiming TechnologyStreamax Crocus1.3.6affected
Shenzhen Ruiming TechnologyStreamax Crocus1.3.7affected
Shenzhen Ruiming TechnologyStreamax Crocus1.3.8affected
Shenzhen Ruiming TechnologyStreamax Crocus1.3.9affected
Shenzhen Ruiming TechnologyStreamax Crocus1.3.10affected
Shenzhen Ruiming TechnologyStreamax Crocus1.3.11affected
Shenzhen Ruiming TechnologyStreamax Crocus1.3.12affected
Shenzhen Ruiming TechnologyStreamax Crocus1.3.13affected
Shenzhen Ruiming TechnologyStreamax Crocus1.3.14affected
Shenzhen Ruiming TechnologyStreamax Crocus1.3.15affected
Shenzhen Ruiming TechnologyStreamax Crocus1.3.16affected
Shenzhen Ruiming TechnologyStreamax Crocus1.3.17affected
Shenzhen Ruiming TechnologyStreamax Crocus1.3.18affected
Shenzhen Ruiming TechnologyStreamax Crocus1.3.19affected
Shenzhen Ruiming TechnologyStreamax Crocus1.3.20affected
Shenzhen Ruiming TechnologyStreamax Crocus1.3.21affected
Shenzhen Ruiming TechnologyStreamax Crocus1.3.22affected
Shenzhen Ruiming TechnologyStreamax Crocus1.3.23affected
Shenzhen Ruiming TechnologyStreamax Crocus1.3.24affected
Shenzhen Ruiming TechnologyStreamax Crocus1.3.25affected
Shenzhen Ruiming TechnologyStreamax Crocus1.3.26affected
Shenzhen Ruiming TechnologyStreamax Crocus1.3.27affected
Shenzhen Ruiming TechnologyStreamax Crocus1.3.28affected
Shenzhen Ruiming TechnologyStreamax Crocus1.3.29affected
Shenzhen Ruiming TechnologyStreamax Crocus1.3.30affected
Shenzhen Ruiming TechnologyStreamax Crocus1.3.31affected
Shenzhen Ruiming TechnologyStreamax Crocus1.3.32affected
Shenzhen Ruiming TechnologyStreamax Crocus1.3.33affected
Shenzhen Ruiming TechnologyStreamax Crocus1.3.34affected
Shenzhen Ruiming TechnologyStreamax Crocus1.3.35affected
Shenzhen Ruiming TechnologyStreamax Crocus1.3.36affected
Shenzhen Ruiming TechnologyStreamax Crocus1.3.37affected
Shenzhen Ruiming TechnologyStreamax Crocus1.3.38affected
Shenzhen Ruiming TechnologyStreamax Crocus1.3.39affected
Shenzhen Ruiming TechnologyStreamax Crocus1.3.40affected
Shenzhen Ruiming TechnologyStreamax Crocus1.3.41affected
Shenzhen Ruiming TechnologyStreamax Crocus1.3.42affected
Shenzhen Ruiming TechnologyStreamax Crocus1.3.43affected
Shenzhen Ruiming TechnologyStreamax Crocus1.3.44affected

Weaknesses

  • CWE-89: SQL Injection
  • CWE-74: Injection

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References