【Vulnerability Alert】ZongYu Technology ZYT-Management Platform has 2 major security vulnerabilities

* Subject Description: 【Vulnerability Alert】ZongYu Technology ZYT-Management Platform has 2 major security vulnerabilities

• Content Description:
  • Forwarded from Taiwan Computer Network Crisis Handling and Coordination Center TWCERTCC-200-202505-00000009
  • [ZongYu Technology ZYT-Management Platform-okcat - Missing Authentication] (CVE-2025-4555, CVSS: 9.8) The web management interface of ZongYu Technology ZYT-Management Platform-okcat has a Missing Authentication vulnerability. Remote attackers without identity authentication can directly access system functions, including opening gates, viewing license plates and parking records, and system reboot.
  • [ZongYu Technology ZYT-Management Platform-okcat - Arbitrary File Upload] (CVE-2025-4556, CVSS: 9.8) The web management interface of ZongYu Technology ZYT-Management Platform-okcat has an Arbitrary File Upload vulnerability. Remote attackers without identity authentication can upload and execute web backdoor programs, thereby executing arbitrary code on the server side.
• Affected Platform:
  • ZYT-Management Platform-okcat
• Recommended Measures:
  • The affected product has stopped maintenance, it is recommended to evaluate the adoption of other alternative products.
• Reference Information:
  1. ZongYu Technology ZYT-Management Platform-okcat - Missing Authentication: https://www.twcert.org.tw/tw/cp-132-10108-f77f5-1.html
  2. ZongYu Technology ZYT-Management Platform-okcat - Arbitrary File Upload: https://www.twcert.org.tw/tw/cp-132-10110-114f0-1.html

Network System Division
Computer and Communication Center9