> About Author
Hi, I'm Sharon, a product manager at Chaitin Tech. We build SafeLine, an open-source Web Application Firewall built for real-world threats. While SafeLine focuses on HTTP-layer protection, our emergency response center monitors and responds to RCE and authentication vulnerabilities across the stack to help developers stay safe.
CMSV6, a vehicle GPS tracking and monitoring platform by Tongtianxing, offers real-time location, video surveillance, and fleet management features. It's widely used in logistics and transportation to enhance safety and operational efficiency.
In March 2024, a critical vulnerability was disclosed affecting CMSV6 <= v7.33.0.2_20240305, which allows attackers to achieve remote code execution (RCE) through a SQL injection flaw.
Vulnerability Overview
What happened?
The CMSV6 backend fails to properly sanitize user input before including it in SQL queries. As a result, an attacker can craft malicious input that manipulates the database engine—leading not just to data leakage, but also file write operations.
This SQLi vulnerability enables attackers to write arbitrary files to the server and eventually execute system-level commands remotely.
Impact
- Full RCE on the target server
- Sensitive data exposure
- System compromise and lateral movement
- Use of the server as a pivot for further attacks
Affected Version
- CMSV6 Fleet Monitoring System ≤ v7.33.0.2_20240305
Workarounds & Fixes
Temporary Mitigation
Until you can patch, apply the following precautions:
- Do NOT expose CMSV6 systems to the public internet.
- Use network ACLs or firewalls to restrict access to trusted IPs only.
- Deploy a Web Application Firewall (WAF) to block SQLi attempts (e.g., SafeLine).
Permanent Fix
The vendor has released an updated version. Visit the official website to download the latest version or contact their support:
👉 http://www.g-sky.cn/list-70-1.html
Detection Tool
You can use X-POC, an open-source remote scanner, to verify whether your CMSV6 instance is vulnerable:
xpoc -r 420 -t http://target-ip
Tool links:
Product Detection Support
| Product | Detection Support |
|---|---|
| Yuntu | Supports fingerprint + PoC-based detection |
| Dongjian | Supports detection via behavioral scanning |
| SafeLine | Virtual patch and behavior detection supported |
| Quanshi | Default behavior detection support |
Timeline
- March 5, 2024 – Vendor released patched version
- March 15, 2024 – Vulnerability disclosed online
- March 15, 2024 – Chaitin Security Team reproduced and analyzed the flaw
- March 15, 2024 – Public advisory published by Chaitin Emergency Response Center
Final Thoughts
This vulnerability is dangerous not just because of its severity, but because of its simplicity. A single crafted input can compromise your entire server.
If you're using CMSV6 or know someone who is, make sure the system is not exposed and is updated immediately.