CVE-2026-33201
Received Received - Intake
Active Debug Code Vulnerability in GH-WDF10A Enables Root Access

Publication date: 2026-03-26

Last updated on: 2026-03-26

Assigner: JPCERT/CC

Description
Digital Photo Frame GH-WDF10A provided by GREEN HOUSE CO., LTD. contains an active debug code vulnerability. If this vulnerability is exploited, files or configurations on the affected device may be read or written, or arbitrary files may be executed with root privileges.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-26
Last Modified
2026-03-26
Generated
2026-06-16
AI Q&A
2026-03-26
EPSS Evaluated
2026-06-15
NVD
CVE-2026-33201
EUVD
EUVD-2026-16096
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
green_house gh-wdf10a *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-489 The product is released with debugging code still enabled or active.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability in the Digital Photo Frame GH-WDF10A by GREEN HOUSE CO., LTD. is caused by active debug code present in the device. This flaw allows unauthorized parties to read or write files or configurations on the device, or even execute arbitrary files with root privileges.

Essentially, this means that an attacker with physical access to the device can gain full control over it, potentially manipulating its settings or accessing sensitive information stored on it.

Impact Analysis

If exploited, this vulnerability can lead to unauthorized access to information stored on the device, alteration of device settings, and execution of unauthorized operations with root privileges.

This could result in loss of confidentiality, integrity, and availability of the device and its data, posing significant security risks.

  • Unauthorized reading or writing of files and configurations.
  • Execution of arbitrary files with root privileges.
  • Potential control over the device by unauthorized third parties.
Mitigation Strategies

To mitigate the vulnerability in the Digital Photo Frame GH-WDF10A, users should promptly update the device firmware to the latest version provided by GREEN HOUSE via OTA (Over-The-Air) updates.

Until the firmware update is applied, it is advised to keep the device connected to the internet to receive updates and avoid placing the device in locations where unauthorized individuals can easily access or operate it.

Compliance Impact

The vulnerability in the Digital Photo Frame GH-WDF10A allows unauthorized parties to read or write files or configurations on the device, or execute arbitrary files with root privileges. This unauthorized access and control over device data and operations could lead to breaches of confidentiality, integrity, and availability of information stored on the device.

Such security risks may impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive data against unauthorized access and modification. If the device is used to store or process personal data, exploitation of this vulnerability could result in violations of these regulations due to potential data breaches or unauthorized data manipulation.

To mitigate these risks and maintain compliance, it is strongly recommended to apply the corrective firmware update provided by GREEN HOUSE and to restrict physical access to the device until the update is applied.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-33201. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart