MeiG Smart FORGE_SLT711 - OS Command Injection

Exploit Title: MeiG Smart FORGESLT711 - OS Command Injection Date: 2026-05-03 Exploit Author: Daniil Gordeev Vendor Homepage: http://www.meigsmart.com Software Link: N/A firmware distributed via carrier channels Version: Firmware MDM9607.LE.1.0-00110-STD.PROD-1 likely all firmware versions of thi...

CVE-2026-36356

The GoAhead web server on MeiG Smart FORGESLT711 devices firmware MDM9607.LE.1.0-00110-STD.PROD-1 allows unauthenticated OS command injection via the /action/SetRemoteAccessCfg endpoint...

PT-2026-37044

Name of the Vulnerable Software and Affected Versions MeiG Smart FORGE SLT711 version MDM9607.LE.1.0-00110-STD.PROD-1 Description The GoAhead web server allows unauthenticated OS command injection, a flaw where an attacker can execute arbitrary operating system commands on the device. This issue...

MeiG FORGE_SLT711 操作系统命令注入漏洞

MeiG FORGESLT711 is an industrial-grade wireless communication module developed by MeiG Corporation. MeiG FORGESLT711 has a vulnerability related to operating system command injection. This vulnerability stems from issues with the /action/SetRemoteAccessCfg endpoint in the GoAhead Web server, whi...

CVE-2026-36356

The GoAhead web server on MeiG Smart FORGESLT711 devices firmware MDM9607.LE.1.0-00110-STD.PROD-1 allows unauthenticated OS command injection via the /action/SetRemoteAccessCfg endpoint...

CVE-2026-36356

The CVE-2026-36356 issue affects MeiG Smart FORGE_SLT711 devices running firmware MDM9607.LE.1.0-00110-STD.PROD-1, where the GoAhead web server exposes an unauthenticated /action/SetRemoteAccessCfg endpoint that injects user input into a shell command via sprintf()/system(), enabling arbitrary co...

Exploit for CVE-2026-36356

CVE-2026-36356: MeiG Smart FORGESLT711 GoAhead — Unauthentica...