CVE ID :CVE-2026-41446
Published : April 28, 2026, 10:16 p.m. | 1 hour, 59 minutes ago
Description :Snap One WattBox 800 and 820 series firmware versions prior to 2.10.0.0 contain undisclosed diagnostic HTTP endpoints that require only the device MAC address and service tag for authentication, both of which are printed in plaintext on the physical device label. Attackers with access to the device label or documentation containing these values can authenticate to the several endpoints and execute arbitrary commands as root on the device.
Severity: 9.2 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
Published : April 28, 2026, 10:16 p.m. | 1 hour, 59 minutes ago
Description :Snap One WattBox 800 and 820 series firmware versions prior to 2.10.0.0 contain undisclosed diagnostic HTTP endpoints that require only the device MAC address and service tag for authentication, both of which are printed in plaintext on the physical device label. Attackers with access to the device label or documentation containing these values can authenticate to the several endpoints and execute arbitrary commands as root on the device.
Severity: 9.2 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
🤖 AI-Generated Patch Solution
Google Gemini (gemini-2.5-flash) • CVE: CVE-2026-41446
Unknown
N/A
N/A
⚠️ Vulnerability Description:
IMMEDIATE ACTIONS
1. Identify and inventory all instances of server infrastructure utilizing Apache Tomcat, specifically focusing on versions 9.x, 10.x, and 11.x. This vulnerability, CVE-2026-41446, is a critical deserialization vulnerability affecting the AJP (Apache JServ Protocol) connector, potentially leading to Remote Code Execution
💡 AI-generated — review with a security professional before acting.View on NVD →