CVE-2025-26856

Name of the Vulnerable Software and Affected Versions UD-LT2 firmware versions 1.00.008 SE and earlier

Description An issue exists with the improper neutralization of special elements used in an OS command, allowing for the execution of arbitrary OS commands. This can occur if an attacker logs in with an administrative account and manipulates requests for a certain screen operation.

Recommendations For UD-LT2 firmware versions 1.00.008 SE and earlier, consider restricting access to administrative accounts and limiting the ability to manipulate screen operation requests until a patch is available. As a temporary workaround, restrict the use of the affected screen operation to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.