OS Command Injection Vulnerability in Network Management Device by Vendor
CVE-2026-22313
9.1CRITICAL
What is CVE-2026-22313?
This vulnerability allows an authenticated attacker to exploit a flaw in the device's web server protocol, specifically through its REST API. By injecting malicious OS commands, the attacker can execute arbitrary commands with the administrative privileges of the system. This could lead to unauthorized access and control over the device, thus posing a significant risk to the overall network security.
Affected Version(s)
iSAP Smart Collector 3.07-1
