CVE-2026-20892
Received Received - Intake
Code Injection in MR-GM5L-S1 and MR-GM5A-L1 Enables Command Execution

Publication date: 2026-03-11

Last updated on: 2026-03-11

Assigner: JPCERT/CC

Description
Code injection vulnerability exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker with administrative privileges to execute arbitrary commands.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-11
Last Modified
2026-03-11
Generated
2026-06-16
AI Q&A
2026-03-11
EPSS Evaluated
2026-06-15
NVD
CVE-2026-20892
EUVD
EUVD-2026-11087
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
micro_research mr-gm5l-s1 to 2.01.04N1_02 (exc)
micro_research mr-gm5a-l1 to 2.01.04N1_02 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability, identified as CVE-2026-20892, is a code injection flaw found in the Micro Research MR-GM5L-S1 and MR-GM5A-L1 devices. It allows an attacker who already has administrative privileges to execute arbitrary commands on the affected device. Essentially, this means that once an attacker gains admin access, they can run any code they want, potentially taking full control of the device.

Impact Analysis

The impact of this vulnerability is severe because it enables an attacker with administrative privileges to execute arbitrary commands on the device. This can lead to complete device compromise, allowing the attacker to control the device fully.

Exploitation of this vulnerability can result in unauthorized remote code execution, data theft, data tampering, destruction of data, and potentially using the compromised device as a foothold to attack other systems.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

[{'type': 'paragraph', 'content': 'The recommended immediate step to mitigate this vulnerability is to update the device firmware to the latest version provided by Micro Research Ltd.'}, {'type': 'list_item', 'content': 'Ensure the firmware version is updated to v2.01.04N1_02 or later.'}, {'type': 'list_item', 'content': 'Check the current firmware version via the GUI settings status screen on the device.'}, {'type': 'list_item', 'content': "Contact Micro Research's vulnerability response desk if further assistance is needed."}] [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-20892. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart