CVE-2026-20764— Copeland多款产品 操作系统命令注入漏洞

Copeland XWEB and XWEB Pro OS Command Injection

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by providing malicious input via the device hostname configuration which is later processed during system setup, resulting in remote code execution.

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

OS命令中使用的特殊元素转义处理不恰当(OS命令注入)

Copeland多款产品 操作系统命令注入漏洞

Copeland XWEB 500D PRO和Copeland XWEB 500B PRO都是美国Copeland公司的一款先进的商用与工业制冷监控管理系统。 Copeland多款产品存在操作系统命令注入漏洞，该漏洞源于通过设备主机名配置提供恶意输入，可能导致远程代码执行。以下产品受到影响：Copeland XWEB 300D PRO,Copeland XWEB 500D PRO,Copeland XWEB 500B PRO。

N/A

N/A