HIGH
Shenzhen Cudy Technology Co., Ltd.
CVE published 2026-06-26
CVE-2026-32833
CVE-2026-32833 is an OS command injection vulnerability in Cudy LT300 3.0 devices running firmware prior to version 2.5.12. The vulnerability allows authenticated attackers to execute arbitrary commands by injecting shell metacharacters into the cbid.system.ntp.current POST parameter in the system time configuration interface. This can be exploited through the NTP settings endpoint, potentially leading to [truncated]