Wvp Gb28181 Pro
Approved changes feed: RSS · Atom
cpe:2.3:a:648540858:wvp-gb28181-pro:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | 648540858 (24957002-3066-58b9-a4c5-f612ee3bd7d4) |
|---|---|
| Product | Wvp Gb28181 Pro (3c88b602-b6f1-5f01-9f2e-c21da9554021) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-4860 |
vulnerable | 2026-06-03 15:26:26.220871 |
648540858 wvp-GB28181-pro API Endpoint RedisTemplateConfig.java GenericFastJsonRedisSerializer deserialization
HIGH (7.3)
A security flaw has been discovered in 648540858 wvp-GB28181-pro up to 2.7.4. This affects the function GenericFastJsonRedisSerializer of the file src/main/java/com/genersoft/iot/vmp/conf/redis/RedisTemplateConfig.java of the component API Endpoint. The manipulation results in deserialization. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-03-26T08:18:03.574Z
Updated: 2026-03-26T18:25:31.687Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-4597 |
vulnerable | 2026-06-03 15:26:25.749007 |
648540858 wvp-GB28181-pro Stream Proxy Query StreamProxyProvider.java selectAll sql injection
MEDIUM (6.3)
A security flaw has been discovered in 648540858 wvp-GB28181-pro up to 2.7.4. Impacted is the function selectAll of the file src/main/java/com/genersoft/iot/vmp/streamProxy/dao/provider/StreamProxyProvider.java of the component Stream Proxy Query Handler. The manipulation results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-03-23T20:15:04.976Z
Updated: 2026-04-18T03:34:43.190Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-3966 |
vulnerable | 2026-06-03 15:23:33.800786 |
648540858 wvp-GB28181-pro IP Address ABLMediaNodeServerService.java getDownloadFilePath server-side request forgery
MEDIUM (6.3)
A vulnerability was detected in 648540858 wvp-GB28181-pro up to 2.7.4-20260107. Affected by this vulnerability is the function getDownloadFilePath of the file /src/main/java/com/genersoft/iot/vmp/media/abl/ABLMediaNodeServerService.java of the component IP Address Handler. The manipulation of the argument MediaServer.streamIp results in server-side request forgery. The attack may be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-03-12T00:02:08.116Z
Updated: 2026-03-12T13:27:18.920Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.