| Field | Value |
|---|---|
| Title | UGREEN CM933 Managed Network Switch 1.1.59.4319 CWE-306: Missing Authentication for Critical Function |
| Description | NOTE: coordinated disclosure. Please only publish in May, after the vendor has released the patch (~mid to late April)!<br>Title: Authentication Bypass in Administrative Interface Leading to RCE via Firmware Upload<br>Product: Ugreen CM933<br>Tested Firmware Version: 1.1.59.4319<br>Suggested Impact: Critical (RCE through tainted firmware)<br>Description & Status: A Missing Authentication vulnerability (CWE-306) in the Ugreen CM933 (firmware 1.1.59.4319) allows an unauthenticated remote attacker on the local network the switch is connected to to bypass access controls and reach hidden administrative interfaces. This bypass permits unauthorized administrative actions, specifically the upload of custom firmware, ultimately resulting in Remote Code Execution (RCE). A PoC exists, but all exploit details are strictly embargoed at the vendor's request. The manufacturer ([email protected]) has acknowledged the flaw and is releasing a patch in April 2026.<br>Here is the email exchange with the vendor acknowledging the issue and greenlighting the CVE request (I decided to try VulDB for a change ;) ):<br><br>Hello:<br>Thank you very much for your reply. We will release the version fix in April. Regarding the application for the CVE number you mentioned, you can apply to the CVE organization as the vulnerability discoverer. However, please note:<br>1. Do not disclose details of the vulnerability exploitation in the vulnerability description or any public pages.<br>2. If you need to fill in the manufacturer's contact information when applying for the CVE number, please provide [email protected] as our contact information.<br>Thank you.<br><br>On 31 March 2026 at 14:24, 0xd0 <[email protected]> wrote:<br>Hello UGREEN Security Team,<br>Thank you for the update and for confirming the issue. I am glad to hear that a fix is underway!<br>Could you please provide an estimated timeline for when the patch will be released?<br>Additionally, I would like to get a CVE ID reserved for this vulnerability now, so that we have a tracking number to use in your release notes once the patch is live.<br>Do you plan to request and reserve a CVE for this issue on your end? If not, please let me know and I will go ahead and reserve one through MITRE as the discoverer.<br>Please let me know if you need any further information from me, or if you would like me to help verify the fix once you have a patch ready for testing.<br>Greetings!<br>0xd0 |
| User | 0xd0 (UID 96957) |
| Submission | 31.03.2026 13:57 (2 months ago) |
| Moderation | 08.05.2026 21:40 (1 month later) |
| Status | Accepted |
| VulDB Entry | 362337 [UGREEN CM933 1.1.59.4319 Administrative Interface weak authentication] |
| Points | 17 |