Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.9
SECCN Dingcheng G10 3.1.0.181203: Remote Command Injection Risk
CVE-2026-2686
Summary
A remote attacker can inject malicious system commands through the 'User' input in the /cgi-bin/session_login.cgi file, potentially allowing unauthorized access and control of the system. This makes it possible for a hacker to access sensitive information or disrupt the system. Update to the latest version of SECCN Dingcheng G10 to fix this issue.
Original title
A security vulnerability has been detected in SECCN Dingcheng G10 3.1.0.181203. This impacts the function qq of the file /cgi-bin/session_login.cgi. The manipulation of the argument User leads to o...
Original description
A security vulnerability has been detected in SECCN Dingcheng G10 3.1.0.181203. This impacts the function qq of the file /cgi-bin/session_login.cgi. The manipulation of the argument User leads to os command injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used.
nvd CVSS2.0
10.0
nvd CVSS3.1
9.8
nvd CVSS4.0
8.9
Vulnerability type
CWE-77
Command Injection
CWE-78
OS Command Injection
Published: 19 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026