CVE-2026-36356

CRITICAL SEVERITY

CVSS Score & Metrics

Base Score

9.1 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N                                    

Vulnerability Description

The GoAhead web server on MeiG Smart FORGE_SLT711 devices (firmware MDM9607.LE.1.0-00110-STD.PROD-1) allows unauthenticated OS command injection via the /action/SetRemoteAccessCfg endpoint.

Vulnerability Details

Published Date

May 05, 2026

Last Modified

May 07, 2026

CWE ID

CWE-78

Source

NVD

External References

http://forgeslt711.com
http://meig.com
https://github.com/totekuh/CVE-2026-36356

CVE-2026-36356

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment