CVE-2026-8185
Authentication Bypass in UGREEN CM933 Firmware
Publication date: 2026-05-09
Last updated on: 2026-05-09
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ugreen | cm933 | 1.1.59.4319 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
| CWE-287 | When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized access to the device's administrative interface, potentially allowing an attacker to view or modify sensitive settings or data. This can compromise the confidentiality, integrity, and availability of the device and its network environment.
Can you explain this vulnerability to me?
This vulnerability affects the UGREEN CM933 device, specifically an unknown function within its Administrative Interface. The issue allows an attacker on the local network to bypass authentication, meaning they can access administrative functions without proper credentials.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should upgrade the affected component, UGREEN CM933, to the fixed version scheduled for release in late April.
Since the attack requires being on the local network, limiting access to the administrative interface to trusted network segments can also help reduce risk.