Skip to main content

MeiG FORGE_SLT711 CVE-2026-36356

| EUVDEUVD-2026-27327 CRITICAL
OS Command Injection (CWE-78)
2026-05-05 mitre
9.1
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
9.1 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Primary rating from Vendor (mitre) · only source for this CVE.

CVSS VectorVendor: mitre

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

2
Analysis Generated
May 05, 2026 - 18:22 vuln.today
CVSS changed
May 05, 2026 - 18:22 NVD
9.1 (CRITICAL)

DescriptionCVE.org

The GoAhead web server on MeiG Smart FORGE_SLT711 devices (firmware MDM9607.LE.1.0-00110-STD.PROD-1) allows unauthenticated OS command injection via the /action/SetRemoteAccessCfg endpoint.

AnalysisAI

Unauthenticated remote OS command injection in MeiG Smart FORGE_SLT711 cellular gateway firmware MDM9607.LE.1.0-00110-STD.PROD-1 allows attackers to execute arbitrary system commands via the /action/SetRemoteAccessCfg endpoint in the GoAhead web server. CVSS 9.1 reflects critical impact with network-accessible attack vector requiring no authentication or user interaction. GitHub repository suggests publicly available exploit code exists (CVE-2026-36356), significantly lowering exploitation barrier for attackers targeting industrial IoT and cellular gateway deployments.

Technical ContextAI

This vulnerability exploits CWE-78 (OS Command Injection) in the GoAhead embedded web server, a lightweight HTTP server commonly deployed in IoT and embedded devices. The /action/SetRemoteAccessCfg endpoint fails to properly sanitize user-supplied input before passing it to system shell commands. The affected MeiG FORGE_SLT711 is a 4G LTE industrial cellular gateway built on Qualcomm's MDM9607 chipset platform, running firmware version MDM9607.LE.1.0-00110-STD.PROD-1. GoAhead's architecture typically runs with elevated system privileges to manage device configuration, meaning injected commands likely execute with root or administrative permissions. The vulnerability exists in the remote access configuration interface, which would normally handle VPN, SSH, or remote management settings-functionality that by design interacts with system-level services.

RemediationAI

Contact MeiG Smart directly through official support channels to request patched firmware for FORGE_SLT711 devices, as no vendor-released patch version is confirmed in available data. No vendor advisory is published at forgeslt711.com or meig.com references provided. Until patched firmware is available, implement immediate network-layer compensating controls: (1) Block external access to the GoAhead web interface (typically TCP ports 80/443) using firewall rules-allow management only from trusted internal networks or VPN connections, with side effect of preventing remote administration convenience. (2) Deploy network segmentation to isolate FORGE_SLT711 gateways into dedicated VLAN with strict ingress/egress filtering-limits lateral movement if compromised but adds infrastructure complexity. (3) Implement application-layer firewall or reverse proxy with input validation to filter requests to /action/SetRemoteAccessCfg endpoint-requires custom WAF rules and ongoing maintenance. (4) Monitor device logs and network traffic for suspicious POST requests containing shell metacharacters (semicolons, pipes, backticks) to /action/ paths-provides detection but not prevention. Given the unauthenticated nature and POC availability, network isolation is the only reliable mitigation until vendor patch is deployed.

More in N A

View all
CVE-2026-31072 CRITICAL POC
9.8 May 19

Remote code execution in APScheduler (all versions through 3.10.x and 4.0.0a5) is achievable when applications deseriali

CVE-2026-31071 CRITICAL POC
9.1 May 19

Unauthenticated API access in LalanaChami Pharmacy Management System (commit 5c3d028) allows remote attackers to dump al

CVE-2025-66391 HIGH POC
8.8 Jun 17

In Citrix Cloud through 2025-11-10, an account with read-only access can trigger the beginning of a workflow for write o

CVE-2026-26740 HIGH POC
8.2 Mar 18

Giflib 5.2.2 contains a buffer overflow in the EGifGCBToExtension function that fails to validate allocated memory when

CVE-2025-60464 HIGH POC
7.8 Jun 25

Denial of service in GPAC's MP4Box multimedia tool (versions before 26.02.0) arises from a use-after-free in the gf_sei_

CVE-2026-36355 HIGH POC
7.7 May 05

Arbitrary kernel memory read/write in Realtek rtl819x Jungle SDK Wi-Fi driver allows local unprivileged attackers to acc

CVE-2025-60474 HIGH POC
7.5 Jun 24

Denial of service in GPAC's MP4Box/libgpac media importer (versions before 26.02.0) lets an attacker crash the tool by s

CVE-2026-38639 HIGH POC
7.5 Jun 26

An issue in the parse_month function (/time/strptime.rs) of relibc commit ab6a2e allows attackers to cause a Denial of S

CVE-2026-38641 HIGH POC
7.5 Jun 26

Denial of service in relibc (the Redox OS C standard library) at commit 61f42d allows attackers to crash a process by ge

CVE-2026-38637 HIGH POC
7.5 Jun 25

An issue in the pthread_rwlockattr_setpshared() function of relibc commit 61f42d allows attackers to cause a Denial of S

CVE-2026-38640 HIGH POC
7.5 Jun 25

Denial of service in relibc (the Redox OS C standard library implementation, commit 61f42d) lets attackers crash a proce

CVE-2025-60467 HIGH POC
7.5 Jun 24

Denial of service in GPAC (libgpac/MP4Box) before 26.02.0 lets an attacker crash the application by feeding it a crafted

Share

CVE-2026-36356 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy