Shenzhen Ruiming Technology Streamax Crocus bis SQL Injection Vulnerability
A SQL injection vulnerability (CVE-2026-4910) exists in Shenzhen Ruiming Technology Streamax Crocus bis 1.3.44 via the /RemoteFormat.do endpoint, allowing remote attackers to execute arbitrary SQL commands by manipulating the State argument.
A SQL injection vulnerability, identified as CVE-2026-4910, affects Shenzhen Ruiming Technology Streamax Crocus bis version 1.3.44. The vulnerability is located within the /RemoteFormat.do file, specifically the Endpoint component. By manipulating the State argument, a remote attacker can inject arbitrary SQL commands. Publicly available exploits exist, increasing the risk of exploitation. The vendor was notified but did not respond. Successful exploitation could lead to unauthorized data…
Detection coverage 2
Detect SQL Injection Attempt in Streamax RemoteFormat.do
highDetects potential SQL injection attempts targeting the /RemoteFormat.do endpoint by looking for SQL keywords in the State parameter.
Detect Access to Streamax RemoteFormat.do Endpoint
lowDetects access to the Streamax RemoteFormat.do endpoint which might indicate reconnaissance activity.
Detection queries are kept inside the platform. Get full rules →
Indicators of compromise
1
4
url