{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2686", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-02-18T14:09:31.781Z", "datePublished": "2026-02-19T00:02:07.214Z", "dateUpdated": "2026-02-24T15:49:44.615Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-23T10:27:01.636Z"}, "title": "SECCN Dingcheng G10 session_login.cgi qq os command injection", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-78", "lang": "en", "description": "OS Command Injection"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-77", "lang": "en", "description": "Command Injection"}]}], "affected": [{"vendor": "SECCN Dingcheng", "product": "G10", "versions": [{"version": "3.1.0.181203", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in SECCN Dingcheng G10 3.1.0.181203. This impacts the function qq of the file /cgi-bin/session_login.cgi. The manipulation of the argument User leads to os command injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 9.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P", "baseSeverity": "CRITICAL"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/RC:R", "baseSeverity": "CRITICAL"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/RC:R", "baseSeverity": "CRITICAL"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 10, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:W/RC:UR"}}], "timeline": [{"time": "2026-02-18T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-02-18T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-02-18T15:18:35.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Ruler-Chovy (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.346488", "name": "VDB-346488 | SECCN Dingcheng G10 session_login.cgi qq os command injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.346488", "name": "VDB-346488 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.754200", "name": "Submit #754200 | SECCN SECCN G10 VPN V3.1.0.181203 Unauthorized RCE", "tags": ["third-party-advisory"]}, {"url": "https://github.com/cha0yang1/SECCN/blob/main/UnauthorizedRCE.md", "tags": ["related"]}, {"url": "https://github.com/cha0yang1/SECCN/blob/main/UnauthorizedRCE.md#2-vulnerability-reproduction-proof-of-concept", "tags": ["exploit"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-24T15:49:32.483583Z", "id": "CVE-2026-2686", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-24T15:49:44.615Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-2686", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-24T15:49:32.483583Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-24T15:49:40.472Z"}}], "cna": {"title": "SECCN Dingcheng G10 session_login.cgi qq os command injection", "credits": [{"lang": "en", "type": "reporter", "value": "Ruler-Chovy (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 9.3, "baseSeverity": "CRITICAL", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 10, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:W/RC:UR"}}], "affected": [{"vendor": "SECCN Dingcheng", "product": "G10", "versions": [{"status": "affected", "version": "3.1.0.181203"}]}], "timeline": [{"lang": "en", "time": "2026-02-18T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-02-18T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-02-18T15:18:35.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.346488", "name": "VDB-346488 | SECCN Dingcheng G10 session_login.cgi qq os command injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.346488", "name": "VDB-346488 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.754200", "name": "Submit #754200 | SECCN SECCN G10 VPN V3.1.0.181203 Unauthorized RCE", "tags": ["third-party-advisory"]}, {"url": "https://github.com/cha0yang1/SECCN/blob/main/UnauthorizedRCE.md", "tags": ["related"]}, {"url": "https://github.com/cha0yang1/SECCN/blob/main/UnauthorizedRCE.md#2-vulnerability-reproduction-proof-of-concept", "tags": ["exploit"]}], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in SECCN Dingcheng G10 3.1.0.181203. This impacts the function qq of the file /cgi-bin/session_login.cgi. The manipulation of the argument User leads to os command injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "OS Command Injection"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-77", "description": "Command Injection"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-23T10:27:01.636Z"}}}, "cveMetadata": {"cveId": "CVE-2026-2686", "state": "PUBLISHED", "dateUpdated": "2026-02-24T15:49:44.615Z", "dateReserved": "2026-02-18T14:09:31.781Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-02-19T00:02:07.214Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in SECCN Dingcheng G10 3.1.0.181203. This impacts the function qq of the file /cgi-bin/session_login.cgi. The manipulation of the argument User leads to os command injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used."}, {"lang": "es", "value": "Se ha detectado una vulnerabilidad de seguridad en SECCN Dingcheng G10 3.1.0.181203. Esto afecta a la funci\u00f3n qq del archivo /cgi-bin/session_login.cgi. La manipulaci\u00f3n del argumento User conduce a una inyecci\u00f3n de comandos del sistema operativo. El ataque puede llevarse a cabo de forma remota. El exploit ha sido divulgado p\u00fablicamente y puede ser utilizado."}], "id": "CVE-2026-2686", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.9, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-02-19T00:16:22.143", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/cha0yang1/SECCN/blob/main/UnauthorizedRCE.md"}, {"source": "cna@vuldb.com", "url": "https://github.com/cha0yang1/SECCN/blob/main/UnauthorizedRCE.md#2-vulnerability-reproduction-proof-of-concept"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.346488"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.346488"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.754200"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}, {"lang": "en", "value": "CWE-78"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.1.0.181203"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "G10", "source": "cna", "vendor": "SECCN Dingcheng"}, "product": "g10", "vendor": "seccn_dingcheng"}], "analysis": {"en": {"generated_at": "2026-04-17T18:20:28.342172+00:00", "value": {"mitigation_remediation": ["Upgrade SECCN Dingcheng G10 to a version that includes the vendor\u2019s fix for the sys command injection in session_login.cgi.", "If an updated version is not immediately available, restrict external access to /cgi-bin/session_login.cgi using firewall or web application firewall rules to limit exposure.", "Apply manual input validation or sanitization on the User parameter to prevent unsanitized command execution, ensuring that only legitimate login data is processed."], "summary": {"action": "Apply Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "This vulnerability affects SECCN Dingcheng\u2019s G10 web server component, specifically version 3.1.0.181203. No other versions or products are listed, so the affected scope is limited to installations running that exact build of G10.", "description_and_impact": "An OS command injection flaw was discovered in the qq function of the /cgi-bin/session_login.cgi script in SECCN Dingcheng G10 3.1.0.181203. By supplying a crafted User argument, an attacker can execute arbitrary operating\u2011system commands on the web server. The vulnerability is both a command injection (CWE\u201177) and an operating\u2011system command injection (CWE\u201178) issue, allowing an attacker to compromise confidentiality, integrity, and availability of the affected host.", "risk_and_exploitability": "The flaw carries a CVSS base score of 9.3, indicating a high\u2011severity risk. While the EPSS score is below 1\u202f%, indicating low probability of exploitation in the wild, the exploit has already been disclosed publicly and could be used remotely if the vulnerable script is reachable over the network. The attack vector is network\u2011based, requiring no authentication or local access, and it exploits unchecked user input that is directly passed to a system command."}}}}, "created": "2026-02-19T10:07:57.948687+00:00", "updated": "2026-04-17T18:30:05.649046+00:00", "vendors": ["seccn_dingcheng", "seccn_dingcheng$PRODUCT$g10"]}