๐Ÿ” CVE Alert

CVE-2026-15494

MEDIUM 4.7

AMTT Hotel Broadband Operation System switch_status.php sql injection

CVSS Score
4.7
EPSS Score
0.2%
EPSS Percentile
10th

A flaw has been found in AMTT Hotel Broadband Operation System 1.0. Impacted is an unknown function of the file manager/network/switch_status.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CWE CWE-89 CWE-74
Vendor amtt
Product hotel broadband operation system
Published Jul 12, 2026
Last Updated Jul 13, 2026
Stay Ahead of the Next One

Get instant alerts for amtt hotel broadband operation system

Be the first to know when new medium vulnerabilities affecting amtt hotel broadband operation system are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability

Affected Versions

AMTT / Hotel Broadband Operation System
1.0

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
vuldb.com: https://vuldb.com/vuln/377801 vuldb.com: https://vuldb.com/vuln/377801/cti vuldb.com: https://vuldb.com/cve/CVE-2026-15494 vuldb.com: https://vuldb.com/submit/844454 github.com: https://github.com/MichaelZhuang521/cve/issues/4

Credits

๐Ÿ” MichaelChong (VulDB User) MichaelChong (VulDB User) VulDB CNA Team