Skip to main content

Digital Photo Frame Gh Wdf10A EUVDEUVD-2026-16096

| CVE-2026-33201 HIGH
Active Debug Code (CWE-489)
2026-03-26 jpcert
7.0
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
7.0 HIGH
CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Physical
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
EUVD ID Assigned
Mar 26, 2026 - 04:30 euvd
EUVD-2026-16096
Analysis Generated
Mar 26, 2026 - 04:30 vuln.today
CVE Published
Mar 26, 2026 - 04:18 nvd
HIGH 7.0

DescriptionCVE.org

Digital Photo Frame GH-WDF10A provided by GREEN HOUSE CO., LTD. contains an active debug code vulnerability. If this vulnerability is exploited, files or configurations on the affected device may be read or written, or arbitrary files may be executed with root privileges.

AnalysisAI

The GREEN HOUSE CO., LTD. Digital Photo Frame GH-WDF10A contains active debug code that allows unauthenticated local attackers to read or write arbitrary files and execute commands with root privileges. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain physical access to device
Exploit
Trigger active debug code
Execution
Read/write sensitive files
Impact
Execute arbitrary code as root

Vulnerability AssessmentAI

Exploitation Physical access to GREEN HOUSE CO., LTD. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment This vulnerability presents a HIGH real-world risk despite the moderate 6.8 CVSS score, which is constrained by its AV:P (physical access required) vector component. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with physical access to a GH-WDF10A device in an office or home environment could connect via USB, serial console, or local network and leverage the active debug code to gain an interactive shell with root privileges. From there, the attacker could read sensitive configuration files (including stored credentials, network settings, or personal photos), install persistent malware for remote access, or modify firmware to create a backdoor for future exploitation. …
Remediation Contact GREEN HOUSE CO., LTD. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 7 days: Identify all affected systems and apply vendor patches promptly. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-16096 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy