Skip to main content

UZ801 4G Router CVE-2026-52200

| EUVDEUVD-2026-42504 CRITICAL
Code Injection (CWE-94)
2026-07-08 cve@mitre.org GHSA-qcc4-c6xj-c524
9.8
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
9.8 CRITICAL

Broken access control on the /ajax API means no authentication (PR:N) and a straightforward request (AC:L) over the network yields code execution with total confidentiality, integrity, and availability impact.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (mitre).

CVSS VectorVendor: mitre

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Analysis Generated
Jul 09, 2026 - 16:46 vuln.today
CVSS changed
Jul 09, 2026 - 16:22 NVD
9.8 (None) 9.8 (CRITICAL)
CVE Published
Jul 08, 2026 - 22:17 cve.org
UNKNOWN (no severity yet)

DescriptionCVE.org

An issue in Generic OEM UZ801_v2.1 4G LTE Router V3.4.3 allows a remote attacker to execute arbitrary code via the /ajax web management API endpoint in MifiService.apk

AnalysisAI

Remote code execution in the Generic OEM UZ801_v2.1 4G LTE Router (firmware V3.4.3) lets unauthenticated attackers run arbitrary code by sending crafted requests to the /ajax web management API served by the device's MifiService.apk component. The flaw stems from broken access control on the management endpoint, giving remote attackers full control of the device with no credentials. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Reach device /ajax management API
Delivery
Send crafted request to MifiService endpoint
Exploit
Bypass broken access control
Execution
Inject code via CWE-94 flaw
Persist
Execute arbitrary code on router
Impact
Full device compromise and traffic control

Vulnerability AssessmentAI

Exploitation Exploitation requires network reachability to the device's /ajax web management API implemented in MifiService.apk on UZ801_v2.1 firmware V3.4.3; per the CVSS vector (AV:N/AC:L/PR:N/UI:N) no authentication or user interaction is required, consistent with the broken-access-control root cause. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Signals are mixed and worth separating. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who can reach the router's management interface - for example a malicious client on the same tethered/LAN network, or anyone on the internet if the device's admin API is WAN-exposed - sends a crafted HTTP request to the /ajax endpoint served by MifiService.apk. Because the endpoint lacks proper access control and improperly handles the input as code (CWE-94), the request executes attacker-supplied code on the device, yielding full control to intercept or reroute traffic. …
Remediation No vendor-released patch or fixed firmware version was identified at time of analysis, and because this is a generic-OEM device a coordinated vendor advisory may never appear. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Audit network inventory to identify all Generic OEM UZ801_v2.1 units running firmware V3.4.3; map criticality and internet-facing exposure. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-52200 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy