648540858 wvp-GB28181-pro API Endpoint RedisTemplateConfig.java GenericFastJsonRedisSerializer deserialization_CVE-2026-4860

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A security flaw has been discovered in 648540858 wvp-GB28181-pro up to 2.7.4. This affects the function GenericFastJsonRedisSerializer of the file src/main/java/com/genersoft/iot/vmp/conf/redis/RedisTemplateConfig.java of the component API Endpoint. The manipulation results in deserialization. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2026-4860

Source VulDB

Published Mar 26, 2026 at 08:18

Modified Mar 26, 2026 at 18:25

Affected Product

Vendor 648540858

Product wvp-GB28181-pro

Version 2.7.0

Affected Versions 648540858 wvp-GB28181-pro 2.7.0
648540858 wvp-GB28181-pro 2.7.1
648540858 wvp-GB28181-pro 2.7.2
648540858 wvp-GB28181-pro 2.7.3
648540858 wvp-GB28181-pro 2.7.4

CWE Classification

CWE-502 CWE-20

References

{
    "lastseen": "",
    "description": "A security flaw has been discovered in 648540858 wvp-GB28181-pro up to 2.7.4. This affects the function GenericFastJsonRedisSerializer of the file src/main/java/com/genersoft/iot/vmp/conf/redis/RedisTemplateConfig.java of the component API Endpoint. The manipulation results in deserialization. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2026-03-26T08:18:03.574Z",
    "modified": "2026-03-26T18:25:31.687Z",
    "type": "cve",
    "title": "648540858 wvp-GB28181-pro API Endpoint RedisTemplateConfig.java GenericFastJsonRedisSerializer deserialization",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.353191\nhttps://vuldb.com/?ctiid.353191\nhttps://vuldb.com/?submit.776213\nhttps://github.com/wing3e/public_exp/issues/1",
    "id": "CVE-2026-4860",
    "bulletinFamily": "",
    "cwe": [
        "CWE-502",
        "CWE-20"
    ],
    "cvelist": null,
    "sourceData": "648540858 wvp-GB28181-pro 2.7.0\n648540858 wvp-GB28181-pro 2.7.1\n648540858 wvp-GB28181-pro 2.7.2\n648540858 wvp-GB28181-pro 2.7.3\n648540858 wvp-GB28181-pro 2.7.4",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "wvp-GB28181-pro",
    "version": "2.7.0",
    "vendor": "648540858",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}