【Vulnerability Alert】New Partner Technology | N-Reporter, N-Cloud, N-Probe - OS Command Injection
Source: Ministry of education information & communication security contingency platform
"" "" ""
| Publication Number | TACERT-ANA-2025091809094545 | Publication Time | 2025/09/18 09:03 |
| Incident Type | ANA-Vulnerability Alert | Discovery Time | 2025/09/18 09:03 |
| Impact Level | Low | ||
| [Subject] 【Vulnerability Alert】New Partner Technology | N-Reporter, N-Cloud, N-Probe - OS Command Injection |
|||
| [Content] Forwarded from TWCERTCC-200-202509-00000012 【New Partner Technology | N-Reporter, N-Cloud, N-Probe - OS Command Injection】(CVE-2025-10589, CVSS: 8.8) An OS Command Injection vulnerability exists in N-Reporter, N-Cloud, and N-Probe developed by New Partner Technology. An authenticated remote attacker can inject arbitrary operating system commands and execute them on the server. Information Sharing Level: WHITE (Information content can be publicly disclosed) |
|||
|
[Affected Platform] N-Reporter, N-Cloud, N-Probe Affected firmware versions: for the 6.x series, versions earlier than 6.1.187 (20250730-1734) (exclusive); for the 7.x series, versions earlier than 7.0.009 (20250805-1505) (exclusive) Affected kernel versions: versions earlier than 20250811094737 (exclusive) |
|||
|
[Recommended Actions] ● For 6.x versions, please update to 6.1.187 (20250730-1734) or later ● For 7.x versions, please update to 7.0.009 (20250805-1505) or later Kernel Update: ● Please update to 20250811094737 or later Firmware and Kernel must be updated simultaneously to ensure the patch takes effect. |
|||
|
[Reference] https://www.twcert.org.tw/tw/cp-132-10386-231ae-1.html |
|||
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw