CVE-2026-4597

216.73.217.22

· Published 23/03/2026 21:17 · Modified 24/03/2026 15:54

Labels: CVE-2026-4597 2026-03-23 CVE-2026-4597 CWE-74 [email protected]

Essential information

Published: 23/03/2026 21:17
Modified: 24/03/2026 15:54
Author: —
Creator: —
CVSS: 5.3 MEDIUM (v3) 5.3 MEDIUM (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

A security flaw has been discovered in 648540858 wvp-GB28181-pro up to 2.7.4. Impacted is the function selectAll of the file src/main/java/com/genersoft/iot/vmp/streamProxy/dao/provider/StreamProxyProvider.java of the component Stream Proxy Query Handler. The manipulation results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

NVD status

Status: Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
genersoft / wvp-gb28181-pro	`cpe:2.3:a:genersoft:wvp-gb28181-pro:2.7.4:::::::*`