Hillstone Networks

RULE（RULE ID：338255）

Rule General Information


Release Date:		2024-07-16

Rule Name:		JieLink+ Intelligent Terminal Operation Platform SQL Injection Vulnerability

Severity:

CVE ID:

Rule Protection Details


Description:		JieLink+ Intelligent Terminal Operating Platform is an integrated software system designed to provide a unified operating interface and control center for smart devices, enabling users to easily manage and monitor connected devices, achieve interconnectivity and intelligent operation between devices. There is an SQL injection vulnerability in the jieLink+ intelligent terminal operating platform's DeviceId parameter, which attackers can exploit to leak sensitive information from the database.

Impact:		An attacker can inject arbitrary sql commands to view or change the database of the target by exploiting the vulnerability successfully.

Affected OS:		Windows, Linux, Others

Reference:

Solutions

Please contact the software vendor to update the software patch.