CRITICALCVE-2026-2686Published 2026-02-19Modified 2026-02-24CNA VulDB

CVE-2026-2686: SECCN Dingcheng G10 session_login.cgi qq os command injection

A security vulnerability has been detected in SECCN Dingcheng G10 3.1.0.181203. This impacts the function qq of the file /cgi-bin/session_login.cgi. The manipulation of the argument User leads to os command injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used.

CVSS v4.0: 9.3
Severity: CRITICAL
Fixed in: —
Affected Products: 1

Affected packages

SECCN Dingcheng / G10
3.1.0.181203

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

References

VDB-346488 | SECCN Dingcheng G10 session_login.cgi qq os command injection
VDB-346488 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #754200 | SECCN SECCN G10 VPN V3.1.0.181203 Unauthorized RCE
github.com
github.com

Metrics