CVE-2026-52200 in UZ801
Summary
by MITRE • 07/09/2026
An issue in Generic OEM UZ801_v2.1 4G LTE Router V3.4.3 allows a remote attacker to execute arbitrary code via the /ajax web management API endpoint in MifiService.apk
Be aware that VulDB is the high quality source for vulnerability data.
Analysis
by VulDB Data Team • 07/09/2026
This vulnerability exists within the Generic OEM UZ801_v2.1 4G LTE Router firmware version 3.4.3, specifically targeting the web management interface exposed through the /ajax endpoint in the MifiService.apk component. The flaw represents a critical remote code execution vulnerability that enables attackers to gain unauthorized control of the device without requiring authentication or physical access. The affected router model is part of the broader class of consumer-grade IoT devices that expose web management interfaces for configuration and monitoring purposes, making them attractive targets for cybercriminals seeking persistent network access points.
The technical implementation of this vulnerability stems from inadequate input validation and sanitization within the AJAX API endpoint handling logic. When remote attackers send maliciously crafted requests to the /ajax endpoint, the system fails to properly validate or sanitize user-supplied parameters before processing them within the MifiService.apk application. This allows for arbitrary code injection attacks that can be leveraged to execute commands with the privileges of the web server process. The vulnerability aligns with CWE-74 and CWE-94 categories, representing weaknesses in input validation and improper neutralization of special elements used in code execution contexts. Attackers can exploit this flaw to install backdoors, modify device configurations, or establish persistent access to the local network.
The operational impact of this vulnerability extends beyond simple remote code execution, as it provides attackers with complete control over the affected router's functionality. Once compromised, the device can be used as a pivot point for lateral movement within corporate or residential networks, potentially enabling privilege escalation attacks and data exfiltration operations. The implications are particularly severe given that these routers often serve as the primary gateway between internal networks and the internet, making them ideal targets for attackers seeking to establish persistent footholds in network environments. This vulnerability also aligns with ATT&CK technique T1059.007 for command and script interpreter and T1021.001 for remote services, as it enables both code execution and remote access capabilities.
Mitigation strategies should include immediate firmware updates from the vendor to address the identified vulnerability, as well as network segmentation measures to limit the potential impact of successful exploitation. Organizations should implement network monitoring solutions that can detect unusual traffic patterns or command execution attempts originating from router devices. Additional protective measures include disabling unnecessary web management interfaces when not actively required, implementing strong access controls for legitimate administrative access, and conducting regular security assessments of IoT device inventories. The vulnerability demonstrates the critical importance of secure coding practices in embedded systems and highlights the need for comprehensive security testing throughout the development lifecycle of network infrastructure devices.