CVE-2026-36356

Published
View on NVD ↗
CVSS v3
9.1
CRITICAL
CVSS v2
N/A
Affected
1
PROJECT

Description

The GoAhead web server on MeiG Smart FORGE_SLT711 devices (firmware MDM9607.LE.1.0-00110-STD.PROD-1) allows unauthenticated OS command injection via the /action/SetRemoteAccessCfg endpoint.

totekuh/CVE-2026-36356
totekuh/CVE-2026-36356
CVE-2026-36356: MeiG Smart FORGE_SLT711 GoAhead - Unauthenticated OS Command Injection (RCE as root)
GitHubGitHub
1