Description
A vulnerability was found in Rongzhitong Visual Integrated Command and Dispatch Platform up to 20260206. This affects an unknown function of the file /dm/dispatch/user/add of the component User Handler. The manipulation results in improper access controls. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-02-18
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized User Creation / Privilege Escalation
Action: Immediate Patch
AI Analysis

Impact

An access control flaw exists in the user addition endpoint (/dm/dispatch/user/add) of the Rongzhitong Visual Integrated Command and Dispatch Platform. The flaw allows an attacker who can reach the component remotely to create user accounts or elevate privileges without proper authorization checks, effectively bypassing the intended access controls. The vulnerability is classified as improper access control (CWE‑284) and authorization bypass through privilege escalation (CWE‑266).

Affected Systems

The vulnerability affects the Rongzhitong Visual Integrated Command and Dispatch Platform, with all releases up to and including version 20260206 being potentially susceptible. No specific patch version is listed in the CNA data.

Risk and Exploitability

The CVSS score of 6.9 indicates a moderate severity. The EPSS score of less than 1% suggests a very low yet non‑zero exploitation probability at the time of assessment. The vulnerability is currently not listed in CISA’s Known Exploited Vulnerabilities catalog. Based on the description, the attack vector is remote, meaning an adversary can trigger the flaw from outside the protected network without local access. Given its moderate severity and low exploitation likelihood, the overall risk is moderate but warrants timely mitigation to prevent potential abuse of the access controls.

Generated by OpenCVE AI on April 17, 2026 at 18:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Deploy the latest vendor patch or upgrade to a release newer than 20260206 that addresses the user addition access control issue.
  • If an update is unavailable, apply network or web‑application firewall rules to block or restrict remote access to the /dm/dispatch/user/add endpoint.
  • Implement stringent authentication and authorization checks for all endpoints that create or modify user accounts, ensuring that only privileged users can perform such actions.
  • Monitor system logs for unexpected or unauthorized user creation events and investigate any anomalies promptly.

Generated by OpenCVE AI on April 17, 2026 at 18:29 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 26 Feb 2026 20:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:rongzhitong:visual_integrated_command_and_dispatch_platform:*:*:*:*:*:*:*:*

Thu, 19 Feb 2026 10:30:00 +0000

Type Values Removed Values Added
First Time appeared Rongzhitong
Rongzhitong visual Integrated Command And Dispatch Platform
Vendors & Products Rongzhitong
Rongzhitong visual Integrated Command And Dispatch Platform

Wed, 18 Feb 2026 22:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 18 Feb 2026 20:45:00 +0000

Type Values Removed Values Added
Description A vulnerability was found in Rongzhitong Visual Integrated Command and Dispatch Platform up to 20260206. This affects an unknown function of the file /dm/dispatch/user/add of the component User Handler. The manipulation results in improper access controls. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title Rongzhitong Visual Integrated Command and Dispatch Platform User add access control
Weaknesses CWE-266
CWE-284
References
Metrics cvssV2_0

{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:W/RC:UR'}

cvssV3_0

{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:W/RC:R'}

cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:W/RC:R'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Rongzhitong Visual Integrated Command And Dispatch Platform
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-02-23T10:20:19.689Z

Reserved: 2026-02-18T09:10:15.714Z

Link: CVE-2026-2668

cve-icon Vulnrichment

Updated: 2026-02-18T21:23:04.309Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-18T21:16:25.450

Modified: 2026-02-26T20:31:21.367

Link: CVE-2026-2668

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T18:30:05Z

Weaknesses