Cyber Resilience

CVE-2023-26866

CriticalRCE

Published: 04 April 2023

Published
04 April 2023
Modified
13 February 2025
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0926 92.9th percentile
Risk Priority 25 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2023-26866 is a critical-severity Command Injection (CWE-77) vulnerability in Greenpacket Ot-235 Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, ranked in the top 7.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

GreenPacket OH736's WR-1200 Indoor Unit and OT-235 devices running firmware versions M-IDU-1.6.0.3_V1.1 and MH-46360-2.0.3-R5-GP respectively contain a remote command injection vulnerability. The flaw permits arbitrary commands to be executed prior to authentication and with root privileges, resulting in complete device takeover. It is tracked under CWE-77 and carries a CVSS 3.1 score of 9.8 reflecting network attack vector, low complexity, and no required privileges or user interaction.

An unauthenticated remote attacker can send crafted requests to the affected devices to inject and run operating-system commands. Successful exploitation grants full control over the unit, enabling arbitrary code execution, configuration changes, and persistence at the root level.

The two referenced GitHub repositories document the issue but contain no vendor advisories, patches, or mitigation guidance. The associated EPSS scores have remained essentially flat near 0.09 with no material post-disclosure rise.

EU & UK References

Vulnerability details

GreenPacket OH736's WR-1200 Indoor Unit, OT-235 with firmware versions M-IDU-1.6.0.3_V1.1 and MH-46360-2.0.3-R5-GP respectively are vulnerable to remote command injection. Commands are executed using pre-login execution and executed with root privileges allowing complete takeover.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

greenpacket
wr-1200 firmware
m-idu-1.6.0.3_v1.1
greenpacket
ot-235 firmware
m-idu-1.6.0.3_v1.1, mh-46360-2.0.3-r5-gp

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References