Vulnerabilities ›

CVE-2026-8185

Medium

CWE-287 — Weakness Type

                    Published: May 9, 2026                      ·  Modified: May 12, 2026                      ·  Source: NVD                

CVSS v3

6.3

🔗 NVD Official

📄 Description (English)

A security vulnerability has been detected in UGREEN CM933 1.1.59.4319. The impacted element is an unknown function of the component Administrative Interface. Such manipulation leads to missing authentication. The attack requires being on the local network. You should upgrade the affected component. The vendor replied: "We have successfully confirmed and reproduced the issue. We take this matter very seriously and have incorporated the fix into our development schedule. The issue is scheduled to be resolved in the release version coming in late April."

🤖 AI Executive Summary

CVE-2026-8185 is a missing authentication vulnerability in UGREEN CM933 version 1.1.59.4319's administrative interface that allows local network attackers to bypass authentication controls. The vendor has confirmed the issue and scheduled a fix for late April.

📄 Description (Arabic)

ثغرة عدم المصادقة في مكون الواجهة الإدارية لجهاز UGREEN CM933 الإصدار 1.1.59.4319 تسمح للمهاجمين على الشبكة المحلية بتجاوز آليات المصادقة. الهجوم يتطلب الوجود على الشبكة المحلية للجهاز. أقرت الشركة المصنعة بالمشكلة وجدولت إصدار إصلاح في أواخر أبريل.

🤖 ملخص تنفيذي (AI)

A missing authentication flaw exists in UGREEN CM933 1.1.59.4319 administrative interface, enabling local network attackers to gain unauthorized access. The vendor confirmed the vulnerability and plans to release a patch in late April.

🤖 AI Intelligence Analysis Analyzed: May 18, 2026 20:08

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: medium

🏢 Affected Saudi Sectors

telecom government energy

🎯 MITRE ATT&CK Techniques

T1078 T1199

⚖️ Saudi Risk Score (AI)

6.0

/ 10.0

🔧 Remediation Steps (English)

Immediately upgrade UGREEN CM933 to the patched version when released in late April 2026. Until then, restrict administrative interface access to trusted networks only, implement network segmentation to isolate the device, disable remote administrative access, and monitor for unauthorized access attempts to the administrative interface.

🔧 خطوات المعالجة (العربية)

قم بترقية UGREEN CM933 إلى الإصدار المصحح عند إصداره في أواخر أبريل 2026. في الوقت الحالي، قيد الوصول إلى واجهة الإدارة للشبكات الموثوقة فقط، وطبق تقسيم الشبكة لعزل الجهاز، وعطل الوصول الإداري البعيد، وراقب محاولات الوصول غير المصرح بها.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

5.1 5.2

🔵 SAMA CSF

AC-2 AC-3

🟡 ISO 27001:2022

A.9.1.1 A.9.2.1

🔗 References & Sources 3

🔗

https://vuldb.com/submit/793588

cna@vuldb.com

🔗

https://vuldb.com/vuln/362337

cna@vuldb.com

🔗

https://vuldb.com/vuln/362337/cti

cna@vuldb.com

📊 CVSS Score

6.3

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack VectorA — Adjacent

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityL — Low / Local

IntegrityL — Low / Local

AvailabilityL — Low / Local

📋 Quick Facts

Severity Medium

CVSS Score6.3

CWECWE-287

EPSS0.01%

Exploit No

Patch ✗ No

Published 2026-05-09

Source Feed nvd

🇸🇦 Saudi Risk Score

6.0

/ 10.0 — Saudi Risk

Priority: MEDIUM

🏷️ Tags

CWE-287

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-8185

Introduce Yourself

Sign In Required