Search criteria

1 vulnerability by ShuoRen

CVE-2026-3025 (GCVE-0-2026-3025)

Vulnerability from cvelistv5 – Published: 2026-02-23 20:02 – Updated: 2026-02-23 20:02
VLAI?
Title
ShuoRen Smart Heating Integrated Management Platform ExampleNodeService.asmx unrestricted upload
Summary
A flaw has been found in ShuoRen Smart Heating Integrated Management Platform 1.0.0. Affected by this vulnerability is an unknown functionality of the file /MP/Service/Webservice/ExampleNodeService.asmx. Executing a manipulation of the argument File can lead to unrestricted upload. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
6.9 (Medium)
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
7.3 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
7.3 (High)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
CWE
Assigner
References
https://vuldb.com/?id.347381 vdb-entrytechnical-description
https://vuldb.com/?ctiid.347381 signaturepermissions-required
https://vuldb.com/?submit.756376 third-party-advisory
Impacted products
Vendor Product Version
ShuoRen Smart Heating Integrated Management Platform Affected: 1.0.0
Create a notification for this product.
Credits
zsmaaa (VulDB User)
Show details on NVD website
To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "product": "Smart Heating Integrated Management Platform",
          "vendor": "ShuoRen",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "zsmaaa (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw has been found in ShuoRen Smart Heating Integrated Management Platform 1.0.0. Affected by this vulnerability is an unknown functionality of the file /MP/Service/Webservice/ExampleNodeService.asmx. Executing a manipulation of the argument File can lead to unrestricted upload. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 7.5,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-434",
              "description": "Unrestricted Upload",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "Improper Access Controls",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-23T20:02:07.178Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-347381 | ShuoRen Smart Heating Integrated Management Platform ExampleNodeService.asmx unrestricted upload",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.347381"
        },
        {
          "name": "VDB-347381 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.347381"
        },
        {
          "name": "Submit #756376 | \u5317\u4eac\u7855\u4eba\u65f6\u4ee3\u79d1\u6280\u80a1\u4efd\u6709\u9650\u516c\u53f8 \u5317\u4eac\u7855\u4eba\u65f6\u4ee3\u667a\u6167\u4f9b\u70ed\u5e73\u53f0 1.0.0 \u672a\u767b\u5f55\u4e0b\u6587\u4ef6\u4e0a\u4f20\u4ee5\u53ca\u4e0b\u8f7d",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.756376"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-02-23T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-02-23T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-02-23T15:04:31.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "ShuoRen Smart Heating Integrated Management Platform ExampleNodeService.asmx unrestricted upload"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-3025",
    "datePublished": "2026-02-23T20:02:07.178Z",
    "dateReserved": "2026-02-23T13:59:09.845Z",
    "dateUpdated": "2026-02-23T20:02:07.178Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}