PT-2026-20559 · Unknown · Seccn Dingcheng G10
Ruler-Chovy · Published 2026-02-19 · Updated 2026-02-24 · CVE-2026-2686
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
SECCN Dingcheng G10 version 3.1.0.181203
Description
A security issue has been identified in SECCN Dingcheng G10 version 3.1.0.181203. The qq function within the /cgi-bin/session login.cgi file is susceptible to operating system command injection. Manipulation of the User parameter can lead to remote execution of arbitrary commands. The exploit for this issue has been publicly disclosed. The attack can be carried out remotely.
Recommendations
Versions prior to 3.1.0.181203 are affected.
As a temporary workaround, consider restricting access to the /cgi-bin/session login.cgi file until a fix is available.
Avoid using the User parameter in the /cgi-bin/session login.cgi endpoint until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
RCE
Command Injection
OS Command Injection
Related Identifiers
Affected Products
Seccn Dingcheng G10