CVE-2026-32833

HIGH SEVERITY

CVSS Score & Metrics

Base Score

8.8 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H                                    

Vulnerability Description

Cudy LT300 3.0 running firmware prior to version 2.5.12 contains an OS command injection vulnerability that allows authenticated attackers to execute arbitrary commands by injecting shell metacharacters into the cbid.system.ntp.current POST parameter in the system time configuration interface. Attackers can submit malicious payloads through the NTP settings endpoint to achieve remote code execution on the underlying system.

Vulnerability Details

Published Date

June 26, 2026

Last Modified

June 26, 2026

CWE ID

CWE-78

Source

NVD

Vendor

Shenzhen Cudy Technology Co., Ltd.

Product

LT300 3.0

External References

https://www.cudy.com/en-us/pages/download-center/lt300-3-0
https://www.vulncheck.com/advisories/cudy-lt300-os-command-injection-via-ntp-configuration

CVE-2026-32833

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment