Skip to main content

AVTECH DGM3103SCT CVE-2026-56808

| EUVDEUVD-2026-40265 HIGH
OS Command Injection (CWE-78)
2026-06-30 jpcert GHSA-xqc8-pr7j-cj3w
8.6
CVSS 4.0 · Vendor: jpcert
Share

Severity by source

Vendor (jpcert) PRIMARY
8.6 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
7.2 HIGH

Network-reachable console (AV:N) with simple injection (AC:L) but requires an authenticated privileged console user (PR:H), yielding full root C/I/A impact on the device (S:U).

3.1 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (jpcert).

CVSS VectorVendor: jpcert

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
X

Lifecycle Timeline

2
Analysis Generated
Jun 30, 2026 - 07:33 vuln.today
CVSS changed
Jun 30, 2026 - 07:22 NVD
7.2 (HIGH) 8.6 (HIGH)

DescriptionCVE.org

DGM3103SCT provided by AVTECH Security Corporation contains an OS command injection vulnerability, which may lead to arbitrary command execution with the root privilege by a user who can log in to the web management console of the affected product.

AnalysisAI

Privileged OS command injection in the AVTECH Security Corporation DGM3103SCT surveillance device lets an authenticated user of the web management console inject operating-system commands that run with root privilege (CWE-78). Disclosed via JPCERT/CC coordination (JVN28979424), it carries CVSS 4.0 base 8.6 with no public exploit identified at time of analysis. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Reach web console over network
Delivery
Authenticate with privileged credentials
Exploit
Inject shell metacharacters into vulnerable parameter
Execution
Command executes as root
Impact
Backdoor device and pivot into surveillance network

Vulnerability AssessmentAI

Exploitation Exploitation requires the attacker to be able to authenticate to the DGM3103SCT web management console - the CVSS PR:H confirms a high-privilege logged-in user is the prerequisite, and the description explicitly scopes the flaw to 'a user who can log in to the web management console.' The exact vulnerable console function/parameter is not named in the provided data. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Signals are partially complete and broadly consistent. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has obtained valid web-management-console credentials for a DGM3103SCT (via default/weak passwords, credential reuse, or insider access) submits a console request containing shell metacharacters in a vulnerable field. The injected payload executes as root, letting the attacker run arbitrary commands to plant a backdoor, pivot into the surveillance network, or disable/manipulate the camera feed. …
Remediation No exact fixed firmware version is present in the provided data, so consult the AVTECH/JPCERT coordinated advisory JVN28979424 (https://jvn.jp/en/jp/JVN28979424/) and the AVTECH product page (https://www.avtech.com.tw/global/en/IP%20Camera?search=DGM3103SCT) for the vendor-released patched firmware and apply it as the primary fix once published. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify and inventory all AVTECH DGM3103SCT devices; restrict web management console access to explicitly approved administrators and enable multi-factor authentication where supported. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-56808 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy