CVE-2026-36827

Name of the Vulnerable Software and Affected Versions Panabit PAP-XM320 versions prior to 7.8

Description A command injection issue exists in the web management interface, which invokes the backend helper /usr/sbin/pappiw and passes user-controlled parameters to it. The helper uses the eval function for unsafe argument processing, allowing an authenticated remote attacker to execute arbitrary shell commands.

Recommendations Update to a version later than V7.7.