EIP-2026-101774

PRE-CVE

Hitron CGNV4 Modem/Router 4.3.9.9-SIP-UPC - Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-101774. PoCs published by Gergely Eberhardt.

AI-analyzed exploit summary The document describes multiple vulnerabilities in Hitron CGNV4 modems, including insecure session management, missing CSRF protection, and an authenticated command injection via the ping diagnostic function. No actual exploit code is provided, only a detailed writeup.

Description

Hitron CGNV4 Modem/Router 4.3.9.9-SIP-UPC - Multiple Vulnerabilities

Exploits (1)

exploitdb WRITEUP

by Gergely Eberhardt · textwebappshardware

https://www.exploit-db.com/exploits/40158

View Code ZIP pw:eip

The document describes multiple vulnerabilities in Hitron CGNV4 modems, including insecure session management, missing CSRF protection, and an authenticated command injection via the ping diagnostic function. No actual exploit code is provided, only a detailed writeup.

Classification

Writeup 90%

Attack Type

Rce | Auth Bypass

Complexity

Trivial

Reliability

Theoretical

Target: Hitron CGNV4, firmware 4.3.9.9-SIP-UPC

Auth required

Prerequisites: Valid session or default admin credentials · Network access to the device

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026