CVE-2026-8185

MEDIUM 6.3

UGREEN CM933 Administrative missing authentication

CVSS Score

6.3

EPSS Score

0.0%

EPSS Percentile

1th

A security vulnerability has been detected in UGREEN CM933 1.1.59.4319. The impacted element is an unknown function of the component Administrative Interface. Such manipulation leads to missing authentication. The attack requires being on the local network. You should upgrade the affected component. The vendor replied: "We have successfully confirmed and reproduced the issue. We take this matter very seriously and have incorporated the fix into our development schedule. The issue is scheduled to be resolved in the release version coming in late April."

CWE	CWE-306 CWE-287
Vendor	ugreen
Product	cm933
Published	May 9, 2026
Last Updated	May 12, 2026

Stay Ahead of the Next One

Get instant alerts for ugreen cm933

Be the first to know when new medium vulnerabilities affecting ugreen cm933 are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

UGREEN / CM933

1.1.59.4319

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/vuln/362337 vuldb.com: https://vuldb.com/vuln/362337/cti vuldb.com: https://vuldb.com/submit/793588

Credits

🔍 0xd0 (VulDB User) VulDB CNA Team