Skip to main content

Lt300 3 0

1 CVEs product

Monthly

CVE-2026-32833 HIGH PATCH This Week

Remote code execution in the Cudy LT300 3.0 4G LTE router (firmware before 2.5.12) lets authenticated users run arbitrary OS commands by embedding shell metacharacters in the cbid.system.ntp.current POST parameter of the system time (NTP) configuration page. Because the CVSS 4.0 vector specifies PR:L, an attacker needs valid (low-privileged) web credentials but no user interaction, and successful injection yields full host compromise (VC/VI/VA all High). No public exploit identified at time of analysis; the flaw was reported by VulnCheck and a vendor patch is available.

Command Injection RCE Lt300 3 0
NVD
CVSS 4.0
8.7
EPSS
1.3%
EPSS 1% CVSS 8.7
HIGH PATCH This Week

Remote code execution in the Cudy LT300 3.0 4G LTE router (firmware before 2.5.12) lets authenticated users run arbitrary OS commands by embedding shell metacharacters in the cbid.system.ntp.current POST parameter of the system time (NTP) configuration page. Because the CVSS 4.0 vector specifies PR:L, an attacker needs valid (low-privileged) web credentials but no user interaction, and successful injection yields full host compromise (VC/VI/VA all High). No public exploit identified at time of analysis; the flaw was reported by VulnCheck and a vendor patch is available.

Command Injection RCE Lt300 3 0
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy