SB2026031157 - Multiple vulnerabilities in Micro Research MR-GM5L-S1 and MR-GM5A-L1

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2026031157

SB2026031157 - Multiple vulnerabilities in Micro Research MR-GM5L-S1 and MR-GM5A-L1

Published: March 11, 2026

Security Bulletin ID SB2026031157
Severity
High
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 67% Low 33%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Code Injection (CVE-ID: CVE-2026-20892)

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation. A remote administrator can send a specially crafted request and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


2) Use of hard-coded credentials (CVE-ID: CVE-2026-24448)

The vulnerability allows a remote attacker to gain full access to vulnerable system.

The vulnerability exists due to presence of hard-coded credentials in application code. A remote unauthenticated attacker can access the affected system using the hard-coded credentials.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


3) Authentication bypass using an alternate path or channel (CVE-ID: CVE-2026-27842)

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to the authentication bypass using an alternate path or channel. A remote attacker can bypass authentication and change the device configuration.


Remediation

Install update from vendor's website.

References