Executive Summary

CVE-2026-2668 is an unauthorized access vulnerability in the Rongzhitong Visual Integrated Command and Dispatch Platform, specifically in the User Handler component at the endpoint /dm/dispatch/user/add.

This flaw allows attackers to bypass authentication and access this endpoint remotely without any authorization.

By exploiting this vulnerability, an attacker can add arbitrary users to the system, compromising system integrity and security.

Useful 0 Not Useful 0

Impact Analysis

The vulnerability can lead to unauthorized creation of users, which compromises the confidentiality, integrity, and availability of the system.

Attackers can remotely exploit this flaw without authentication, potentially gaining persistent unauthorized access and control over the system.

This can result in unauthorized data access, manipulation, or disruption of services.

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability affects the endpoint /dm/dispatch/user/add in the Rongzhitong Visual Integrated Command and Dispatch Platform. Detection can focus on monitoring unauthorized or unexpected access attempts to this specific endpoint.'}, {'type': 'paragraph', 'content': 'Network detection can involve inspecting HTTP requests targeting the /dm/dispatch/user/add path for suspicious activity, such as POST requests that add users without proper authentication.'}, {'type': 'paragraph', 'content': 'Suggested commands to detect exploitation attempts include using network traffic analysis tools like tcpdump or Wireshark to filter for requests to the vulnerable endpoint. For example:'}, {'type': 'list_item', 'content': "tcpdump -i <interface> -A 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep '/dm/dispatch/user/add'"}, {'type': 'list_item', 'content': "Using web server logs, grep for access to /dm/dispatch/user/add to identify suspicious POST requests: grep '/dm/dispatch/user/add' /var/log/nginx/access.log"}, {'type': 'paragraph', 'content': 'Additionally, monitoring for creation of new users or unexpected changes in user accounts on the system can help detect exploitation.'}] [1, 2]

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation involves restricting access to the vulnerable endpoint /dm/dispatch/user/add to prevent unauthorized remote exploitation.

Implement firewall rules or network access controls to block external access to this endpoint unless it is absolutely necessary and properly secured.

• Configure firewall to deny inbound traffic to the /dm/dispatch/user/add path or the associated service port from untrusted networks.
• If possible, apply authentication and authorization checks on the affected component to ensure only authorized users can access the endpoint.

Monitor logs for any suspicious activity related to user additions and review user accounts for unauthorized changes.

Since the vendor has not provided a patch or response, these network-level mitigations are critical to reduce risk until an official fix is available.

Useful 0 Not Useful 0