go to Content

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center


SUNNET WMPro - Command Injection

TVN ID TVN-202309012
CVE ID CVE-2023-35850
CVSS 7.2 (High)
Affected Products WMPro: V5
Description SUNNET WMPro protal's file management function has a vulnerability of insufficient filtering for user input. An remote attacker with administrator privilege or privileged account can exploit this vulnerability to inject and execute arbitrary system commands to perform arbitrary system operation or disrupt service.
Solution Update version to the latest one or contact SUNNET support team
Credit Fi Liu(CHT Security)
Public Date 2023-09-20