CVE-2026-36356
Received - Intake
Unauthenticated OS Command Injection in MeiG Smart FORGE_SLT711

Publication date: 2026-05-05

Last updated on: 2026-05-05

Assigner: MITRE

Description
The GoAhead web server on MeiG Smart FORGE_SLT711 devices (firmware MDM9607.LE.1.0-00110-STD.PROD-1) allows unauthenticated OS command injection via the /action/SetRemoteAccessCfg endpoint.
Meta Information
Published: 2026-05-05
Last Modified: 2026-05-05
Generated: 2026-05-07
AI Q&A: 2026-05-05
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 2 associated CPEs
| Vendor | Product | Version / Range |
|---|---|---|
| meig | forgeslt711 | mdm9607.le.1.0-00110-std.prod-1 |
| gohahead | gohahead | * |
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-36356 is an unauthenticated OS command injection vulnerability found in the MeiG Smart FORGE_SLT711 4G LTE CPE devices that use the GoAhead web server.

The flaw exists in the HTTP endpoint `/action/SetRemoteAccessCfg`, which does not require authentication and allows attackers to execute arbitrary commands as root.

This happens because the GoAhead server configuration is missing an authentication route entry for this endpoint, and the server uses an unsafe `sprintf()` followed by a `system()` call that interpolates user-controlled JSON input directly into a shell command without sanitization.

Attackers can exploit this by sending a crafted POST request with a malicious `password` field in JSON format, enabling them to execute commands with root privileges.


How can this vulnerability impact me?

This vulnerability allows an attacker to gain persistent root access to the affected device without any authentication.

By exploiting the command injection, attackers can execute arbitrary commands on the device, potentially installing backdoors such as a telnet backdoor for continued access.

This can lead to full compromise of the device, unauthorized control, data theft, disruption of services, or use of the device as part of a larger attack.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by sending crafted POST requests to the /action/SetRemoteAccessCfg endpoint on the affected MeiG Smart FORGE_SLT711 devices and observing if arbitrary commands can be executed without authentication.

A practical detection method involves using the provided Python exploit script poc_rce.py, which automates sending malicious JSON payloads to test for command injection.

Alternatively, you can manually test by sending a POST request with a JSON body containing a malicious 'password' field to the endpoint, for example using curl:

  • curl -X POST http://<target-ip>/action/SetRemoteAccessCfg -H "Content-Type: application/json" -d '{"password":";id;"}'

If the device executes the injected command (like 'id'), it indicates the presence of the vulnerability.


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting access to the vulnerable /action/SetRemoteAccessCfg endpoint by implementing network-level controls such as firewall rules to block unauthorized access.

Disabling or isolating the affected device from untrusted networks until a patch or firmware update is applied is recommended.

Monitor network traffic for suspicious POST requests to the endpoint and look for signs of exploitation attempts.

Contact the device vendor for firmware updates or patches that address the unauthenticated command injection vulnerability.
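
One way to implement the traffic-monitoring step above, as an added example (not part of the original page or any vendor tooling). It assumes request records with `src`, `method`, `path`, `body` and a `has_session` flag, as a reverse proxy log or capture parser might produce; the record layout, the flag and the finding labels are hypothetical, and the sample records are constructed.

```python
import json
import re

ENDPOINT = "/action/SetRemoteAccessCfg"
# Characters a shell interprets; heuristic, so a strong password may also trip it.
SHELL_META = re.compile(r"[;&|`$<>(){}\\'\"\r\n]")

def inspect_request(rec):
    """Return findings for one request record (dict: method, path, body, has_session)."""
    path = rec["path"].split("?", 1)[0].rstrip("/")
    if rec["method"].upper() != "POST" or path != ENDPOINT:
        return []
    findings = []
    if not rec.get("has_session"):
        findings.append("no-session")          # CWE-306 angle: nobody logged in
    try:
        doc = json.loads(rec["body"])
    except (TypeError, ValueError):
        return findings + ["bad-json"]
    value = doc.get("password") if isinstance(doc, dict) else None
    if not isinstance(value, str):
        findings.append("password-not-string")
    elif SHELL_META.search(value):
        findings.append("shell-metachar")      # CWE-78 angle
    return findings

def scan(records):
    """Map source address -> findings, keeping only requests that raised any."""
    hits = {}
    for rec in records:
        found = inspect_request(rec)
        if found:
            hits.setdefault(rec["src"], []).extend(found)
    return hits

# Constructed sample records (not captured traffic); addresses are documentation ranges.
SAMPLE = [
    {"src": "192.0.2.10", "method": "POST", "path": ENDPOINT, "has_session": True,
     "body": '{"password":"Corr3ctHorse"}'},
    {"src": "198.51.100.7", "method": "POST", "path": ENDPOINT + "?x=1", "has_session": False,
     "body": '{"password":";id;"}'},
    {"src": "198.51.100.8", "method": "POST", "path": ENDPOINT, "has_session": False,
     "body": '{"password":["a"]}'},
    {"src": "192.0.2.11", "method": "GET", "path": "/index.html", "has_session": False,
     "body": ""},
]

if __name__ == "__main__":
    for src, found in scan(SAMPLE).items():
        print(src, ", ".join(found))
```

Any `no-session` hit from outside the management network is worth triage on its own, since the endpoint is reachable without authentication on affected firmware.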


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

This vulnerability allows unauthenticated remote attackers to execute arbitrary OS commands as root on affected devices, potentially leading to unauthorized access and control over sensitive data.

Such unauthorized access and potential data breaches could result in non-compliance with data protection regulations and standards like GDPR and HIPAA, which require safeguarding personal and sensitive information against unauthorized access.

Therefore, exploitation of this vulnerability could compromise the confidentiality, integrity, and availability of data, leading to violations of these regulatory requirements.

