Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Broken access control on the /ajax API means no authentication (PR:N) and a straightforward request (AC:L) over the network yields code execution with total confidentiality, integrity, and availability impact.
Primary rating from Vendor (mitre).
CVSS VectorVendor: mitre
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
An issue in Generic OEM UZ801_v2.1 4G LTE Router V3.4.3 allows a remote attacker to execute arbitrary code via the /ajax web management API endpoint in MifiService.apk
AnalysisAI
Remote code execution in the Generic OEM UZ801_v2.1 4G LTE Router (firmware V3.4.3) lets unauthenticated attackers run arbitrary code by sending crafted requests to the /ajax web management API served by the device's MifiService.apk component. The flaw stems from broken access control on the management endpoint, giving remote attackers full control of the device with no credentials. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires network reachability to the device's /ajax web management API implemented in MifiService.apk on UZ801_v2.1 firmware V3.4.3; per the CVSS vector (AV:N/AC:L/PR:N/UI:N) no authentication or user interaction is required, consistent with the broken-access-control root cause. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Signals are mixed and worth separating. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who can reach the router's management interface - for example a malicious client on the same tethered/LAN network, or anyone on the internet if the device's admin API is WAN-exposed - sends a crafted HTTP request to the /ajax endpoint served by MifiService.apk. Because the endpoint lacks proper access control and improperly handles the input as code (CWE-94), the request executes attacker-supplied code on the device, yielding full control to intercept or reroute traffic. … |
| Remediation | No vendor-released patch or fixed firmware version was identified at time of analysis, and because this is a generic-OEM device a coordinated vendor advisory may never appear. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Audit network inventory to identify all Generic OEM UZ801_v2.1 units running firmware V3.4.3; map criticality and internet-facing exposure. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-94 – Code Injection
View allSame technique Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42504
GHSA-qcc4-c6xj-c524