Description
A security vulnerability has been detected in UGREEN CM933 1.1.59.4319. It affects an unknown function of the Administrative Interface component, and manipulating it leads to missing authentication. The attacker must be on the local network. Upgrading the affected component is recommended. The vendor replied: "We have successfully confirmed and reproduced the issue. We take this matter very seriously and have incorporated the fix into our development schedule. The issue is scheduled to be resolved in the release version coming in late April."
References (3)
Core References
vdb-entry: VDB-362337 | UGREEN CM933 Administrative missing authentication
https://vuldb.com/vuln/362337
signature, permissions-required: VDB-362337 | CTI Indicators (IOB, IOC)
https://vuldb.com/vuln/362337/cti
third-party-advisory: Submit #793588 | UGREEN CM933 Managed Network Switch 1.1.59.4319 CWE-306: Missing Authentication for Critical Function
https://vuldb.com/submit/793588
Scores
CVSS v3: 6.3
EPSS: 0.0032
EPSS Percentile: 23.5%
Attack Vector: ADJACENT_NETWORK
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-287, CWE-306
Status: published
Products (1): UGREEN/CM933 1.1.59.4319
Published: May 09, 2026
Tracked Since: May 09, 2026