A security vulnerability has been detected in UGREEN CM933 1.1.59.4319. The impacted element is an unknown function of the component Administrative Interface. Such manipulation leads to missing authentication. The attack requires being on the local network. You should upgrade the affected component. The vendor replied: "We have successfully confirmed and reproduced the issue. We take this matter very seriously and have incorporated the fix into our development schedule. The issue is scheduled to be resolved in the release version coming in late April."
CVE-2026-8185 is a missing authentication vulnerability in UGREEN CM933 version 1.1.59.4319's administrative interface that allows local network attackers to bypass authentication controls. The vendor has confirmed the issue and scheduled a fix for late April.
ثغرة عدم المصادقة في مكون الواجهة الإدارية لجهاز UGREEN CM933 الإصدار 1.1.59.4319 تسمح للمهاجمين على الشبكة المحلية بتجاوز آليات المصادقة. الهجوم يتطلب الوجود على الشبكة المحلية للجهاز. أقرت الشركة المصنعة بالمشكلة وجدولت إصدار إصلاح في أواخر أبريل.
A missing authentication flaw exists in UGREEN CM933 1.1.59.4319 administrative interface, enabling local network attackers to gain unauthorized access. The vendor confirmed the vulnerability and plans to release a patch in late April.
Immediately upgrade UGREEN CM933 to the patched version when released in late April 2026. Until then, restrict administrative interface access to trusted networks only, implement network segmentation to isolate the device, disable remote administrative access, and monitor for unauthorized access attempts to the administrative interface.
قم بترقية UGREEN CM933 إلى الإصدار المصحح عند إصداره في أواخر أبريل 2026. في الوقت الحالي، قيد الوصول إلى واجهة الإدارة للشبكات الموثوقة فقط، وطبق تقسيم الشبكة لعزل الجهاز، وعطل الوصول الإداري البعيد، وراقب محاولات الوصول غير المصرح بها.