Skip to main content

Cudy LT300 EUVDEUVD-2026-39862

| CVE-2026-32833 HIGH
OS Command Injection (CWE-78)
2026-06-26 VulnCheck GHSA-wcjj-vwjf-qqvc
8.7
CVSS 4.0 · Vendor: VulnCheck
Share

Severity by source

Vendor (VulnCheck) PRIMARY
8.7 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
8.8 HIGH

Network-reachable web endpoint with low-complexity injection but requiring a valid low-privileged account (PR:L), yielding root-level command execution and full C/I/A impact.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (VulnCheck).

CVSS VectorVendor: VulnCheck

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
Jun 26, 2026 - 20:37 vuln.today

DescriptionCVE.org

Cudy LT300 3.0 running firmware prior to version 2.5.12 contains an OS command injection vulnerability that allows authenticated attackers to execute arbitrary commands by injecting shell metacharacters into the cbid.system.ntp.current POST parameter in the system time configuration interface. Attackers can submit malicious payloads through the NTP settings endpoint to achieve remote code execution on the underlying system.

AnalysisAI

Remote code execution in the Cudy LT300 3.0 4G LTE router (firmware before 2.5.12) lets authenticated users run arbitrary OS commands by embedding shell metacharacters in the cbid.system.ntp.current POST parameter of the system time (NTP) configuration page. Because the CVSS 4.0 vector specifies PR:L, an attacker needs valid (low-privileged) web credentials but no user interaction, and successful injection yields full host compromise (VC/VI/VA all High). …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain low-privileged web credentials
Delivery
Reach LT300 management interface
Exploit
POST shell metacharacters in cbid.system.ntp.current
Execution
Trigger injection in NTP handler
Persist
Execute arbitrary OS commands
Impact
Full router compromise

Vulnerability AssessmentAI

Exploitation Exploitation requires authenticated access to the LT300 web management interface (CVSS PR:L - a valid low-privileged account, not necessarily full admin) plus network reachability to that interface; no user interaction is needed (UI:N) and attack complexity is low (AC:L). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Signals are largely consistent and point to a genuinely high-impact but precondition-gated issue. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has obtained low-privileged web-UI credentials (for example via a default password, credential reuse, or an exposed management interface) logs into the LT300 console, opens the system time settings, and submits an NTP value such as a hostname followed by ;<command> in the cbid.system.ntp.current POST parameter. The injected command executes on the router OS, granting code execution and likely full device control. …
Remediation Vendor-released patch: firmware version 2.5.12 - upgrade all Cudy LT300 3.0 units to 2.5.12 or later via the official download center at https://www.cudy.com/en-us/pages/download-center/lt300-3-0, and consult the VulnCheck advisory at https://www.vulncheck.com/advisories/cudy-lt300-os-command-injection-via-ntp-configuration. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

24 hours: Identify all Cudy LT300 routers in your environment and document current firmware versions. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-39862 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy