Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.6
MR-GM5L-S1 and MR-GM5A-L1 allow unauthorized administrator commands
CVE-2026-20892
Summary
Certain models of MR-GM5L-S1 and MR-GM5A-L1 devices contain a security weakness that could let someone with administrator access run unauthorized system commands. This could potentially allow an attacker to make unauthorized changes to the device or disrupt its operation. Users should update their devices with the latest software patches to fix this issue.
Original title
Code injection vulnerability exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker with administrative privileges to execute arbitrary commands.
Original description
Code injection vulnerability exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker with administrative privileges to execute arbitrary commands.
nvd CVSS3.0
7.2
nvd CVSS4.0
8.6
Vulnerability type
CWE-94
Code Injection
Published: 11 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026