OS Command Injection Vulnerability in Network Management Device by Vendor
CVE-2026-22313

9.1CRITICAL

Key Information:

Vendor

Radiflow

Vendor
CVE Published:
16 June 2026

What is CVE-2026-22313?

This vulnerability allows an authenticated attacker to exploit a flaw in the device's web server protocol, specifically through its REST API. By injecting malicious OS commands, the attacker can execute arbitrary commands with the administrative privileges of the system. This could lead to unauthorized access and control over the device, thus posing a significant risk to the overall network security.

Affected Version(s)

iSAP Smart Collector 3.07-1

References

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.