Aggregates CVE and security vulnerability intelligence across all dcnetworks-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk command injection and related security problems, affecting vendor surface production workloads and vendor surface software deployment scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-2000 | A vulnerability was found in DCN DCME-320 up to 20260121. Impacted is the function apply_config of the file /function/system/basic/bridge_cfg.php of the component Web Management Backend. Performing a manipulation of the argument ip_list results in command injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. | [email protected] | 2.0 | 12.68% | 2026-02-06 | 2026-06-17 |
| CVE-2025-9387 | A vulnerability was found in DCN DCME-720 9.1.5.11. This affects an unknown function of the file /usr/local/www/function/audit/newstatistics/ip_block.php of the component Web Management Backend. Performing manipulation of the argument ip results in os command injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used. Other products might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way. | [email protected] | 2.1 | 9.31% | 2025-08-24 | 2026-06-17 |
| CVE-2024-52782 | DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/audit/newstatistics/mon_stat_hist_new.php. | [email protected] | 9.8 | 0.69% | 2024-11-29 | 2026-06-17 |
| CVE-2024-52781 | DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/system/tool/traceroute.php. | [email protected] | 9.8 | 0.69% | 2024-11-29 | 2026-06-17 |
| CVE-2024-52780 | DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/system/basic/mgmt_edit.php. | [email protected] | 9.8 | 0.69% | 2024-11-29 | 2026-06-17 |
| CVE-2024-52779 | DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/audit/newstatistics/mon_stat_top10.php. | [email protected] | 9.8 | 0.69% | 2024-11-29 | 2026-06-17 |
| CVE-2024-52778 | DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/audit/newstatistics/mon_stat_hist.php. | [email protected] | 9.8 | 0.69% | 2024-11-29 | 2026-06-17 |
| CVE-2024-52777 | DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L, <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/system/basic/license_update.php. | [email protected] | 9.8 | 0.73% | 2024-11-29 | 2026-06-17 |
| CVE-2024-51115 | DCME-320 v7.4.12.90 was discovered to contain a command injection vulnerability. | [email protected] | 9.8 | 1.68% | 2024-11-05 | 2026-06-17 |
| CVE-2024-48659 | An issue in DCME-320-L <=9.3.2.114 allows a remote attacker to execute arbitrary code via the log_u_umount.php component. | [email protected] | 9.8 | 1.10% | 2024-10-21 | 2026-06-17 |
| CVE-2023-43321 | File Upload vulnerability in Digital China Networks DCFW-1800-SDC v.3.0 allows an authenticated attacker to execute arbitrary code via the wget function in the /sbin/cloudadmin.sh component. | [email protected] | 8.8 | 0.91% | 2023-10-04 | 2026-06-17 |