CVE-2021-26637
HIGHSiHAS SGW-300, ACM-300, GCM-300 Firmware - Unauthenticated Remote Device Control
Title source: llmDescription
There is no account authentication and permission check logic in the firmware and existing apps of SiHAS's SGW-300, ACM-300, GCM-300, so unauthorized users can remotely control the device.
References (1)
Core 1
Core References
Broken Link, Third Party Advisory, VDB Entry x_refsource_misc
https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66782
Scores
CVSS v3
8.8
EPSS
0.0174
EPSS Percentile
74.7%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-287
CWE-306
CWE-862
Status
published
Products (3)
shinasys/sihas_acm-300_firmware
(2 CPE variants)
shinasys/sihas_gcm-300_firmware
(2 CPE variants)
shinasys/sihas_sgw-300_firmware
(2 CPE variants)
Published
Jun 23, 2022
Tracked Since
Feb 18, 2026