What is the CVSS score of EUVD-2026-27335?

EUVD-2026-27335 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of GR140DG Router are affected by EUVD-2026-27335?

ALTICE LABS GR140DG and GR140IG fibre routers contain a command injection vulnerability in the diagnostic ping handler that allows authenticated administrators or network operators to execute…

GR140DG Router EUVD-2026-27335

| CVE-2026-31195 HIGH

OS Command Injection (CWE-78)

2026-05-05 mitre

GHSA-48q2-ffv8-pgrw

Command Injection

8.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

May 06, 2026 - 21:31 vuln.today

CVSS changed

May 06, 2026 - 19:22 NVD

8.8 (None) 8.8 (HIGH)

CVE Published

May 05, 2026 - 00:00 nvd

HIGH 8.8

DescriptionNVD

The ping diagnostic handler in /bin/httpd_clientside for ALTICE LABS / SFR France GR140DG and GR140IG fibre CPE/Router/Gateway, inserts unsanitized user input into a system() call, allowing authenticated remote attackers to execute arbitrary commands as root via crafted destAddr parameters using shell command substitution.

AnalysisAI

Command injection in ALTICE LABS GR140DG and GR140IG fibre routers allows authenticated remote attackers to execute arbitrary commands as root. The ping diagnostic handler in /bin/httpd_clientside accepts unsanitized user input in the destAddr parameter and passes it to a system() call, enabling shell command substitution. …

RemediationAI

Within 24 hours: Identify and inventory all ALTICE LABS GR140DG and GR140IG routers in your network and document their firmware versions; restrict administrative access to these devices to essential personnel only and enforce multi-factor authentication where available. Within 7 days: Review administrative access logs for suspicious activity; implement network segmentation to isolate affected routers from sensitive systems; contact ALTICE LABS technical support for interim guidance and patch timeline. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

EUVD-2026-27335 vulnerability details – vuln.today

Back

GR140DG Router EUVD-2026-27335

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code