|
[Japanese]
|
JVNDB-2026-000094
|
DGM3103SCT vulnerable to OS command injection
|
DGM3103SCT provided by AVTECH Security Corporation contains the following vulnerability.- OS command injection (CWE-78) - CVE-2026-56808
Tomoya KITAGAWA, Satoki TSUJI, Seiya NAKATA, and Yudai FUJIWARA of Ricerca Security, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
|
CVSS V3 Severity: Base Metrics 7.2 (High) [IPA Score]
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
|
CVSS v4 Severity
Base Metrics: 8.6 (High) [IPA Score]
- Access Vector (AV): Network
- Attack Complexity (AC): Low
- Attack Requirements (AT): None
- Privileges Required (PR): High
- User Interaction (UI): None
Vulnerable System Impact
- Confidentiality Impact (VC): High
- Integrity Impact (VI): High
- Availability Impact (VA): High
Subsequent System Impact
- Confidentiality Impact (SC): None
- Integrity Impact (SI): None
- Availability Impact (SA): None
|
|
AVTECH Security Corporation
- DGM3103SCT firmware version 3.2.5.4 and prior
|
|
Arbitrary commands may be executed with the root privilege by a user who can log in to the web management console of the affected product.
|
[Update the firmware]
Update the firmware to the latest version according to the information provided by the developer.
|
AVTECH Security Corporation
|
- OS Command Injection(CWE-78) [IPA Evaluation]
|
- CVE-2026-56808
|
- JVN : JVN#28979424
|
- [2026/06/30]
Web page was published
|