CVE-2026-2686

Sažetak

A security vulnerability has been detected in SECCN Dingcheng G10 3.1.0.181203. This impacts the function qq of the file /cgi-bin/session_login.cgi. The manipulation of the argument User leads to os command injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used.

Reference

https://github.com/cha0yang1/SECCN/blob/main/UnauthorizedRCE.md
https://github.com/cha0yang1/SECCN/blob/main/UnauthorizedRCE.md#2-vulnerability-reproduction-proof-of-concept
https://vuldb.com/?ctiid.346488
https://vuldb.com/?id.346488
https://vuldb.com/?submit.754200

CVSS

Base:	10.0
Impact:	10.0
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

19-02-2026 - 00:16

Objavljeno

19-02-2026 - 00:16