CVE-2026-8185— UGREEN CM933 Administrative missing authentication

UGREEN CM933 Administrative missing authentication

A security vulnerability has been detected in UGREEN CM933 1.1.59.4319. The impacted element is an unknown function of the component Administrative Interface. Such manipulation leads to missing authentication. The attack requires being on the local network. You should upgrade the affected component. The vendor replied: "We have successfully confirmed and reproduced the issue. We take this matter very seriously and have incorporated the fix into our development schedule. The issue is scheduled to be resolved in the release version coming in late April."

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

关键功能的认证机制缺失

UGREEN CM933 授权问题漏洞

UGREEN CM933是中国绿联（UGREEN）公司的一款提供多接口扩展与数据传输功能的USB集线器设备。 UGREEN CM933 1.1.59.4319版本存在授权问题漏洞，该漏洞源于管理接口组件中未知功能导致缺少身份验证，攻击者需位于本地网络。

N/A

N/A