CVE-2026-6349 — AI Deep Analysis Summary

🚨 **Essence**: HGiga iSherlock suffers from **OS Command Injection**. 💥 **Consequences**: Attackers can execute **arbitrary OS commands** on the target system, leading to total compromise.

🛡️ **Root Cause**: **CWE-78** (Improper Neutralization of Special Elements used in an OS Command). The software fails to sanitize user inputs before passing them to the OS.

🏢 **Affected**: **HGiga** (China Hengji). 📦 **Product**: **iSherlock-base-4.5**. This applies to the specific software series produced by HGiga.

🔓 **Privileges**: **High Impact** (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Hackers gain **Full Control** (Confidentiality, Integrity, Availability: High). No privileges required.

📉 **Threshold**: **Low**. ⚡ **Network Accessible** (AV:N), **Low Complexity** (AC:L), **No Privileges** (PR:N), **No User Interaction** (UI:N). Easy to exploit remotely.

🕵️ **Public Exp?**: **No**. The `pocs` field is empty. While references exist, no specific Proof-of-Concept code is publicly available in this dataset.

🔍 **Self-Check**: Scan for **HGiga iSherlock** products. Look for **OS command injection** patterns in input fields. Use vulnerability scanners detecting **CWE-78**.

🩹 **Fix**: **Unknown**. The data does not list a specific patch version or official mitigation steps. Check vendor advisories for updates.

🚧 **Workaround**: **Input Sanitization**. Strictly validate and escape all user inputs. Implement **Whitelisting** for allowed commands. Use **Least Privilege** principles.

⚠️ **Urgency**: **Critical**. With **CVSS 9.8** (implied by H/H/H) and **Remote/No-Auth** access, immediate attention and mitigation are required to prevent system takeover.