HomeIntelligenceBrief
VULNERABILITY BRIEF🔴 Critical Vulnerability

Unauthenticated Remote Code Execution in MeiG Smart FORGE_SLT711 LTE CPE (CVE‑2026‑36356) Threatens Telecom Networks

A newly disclosed OS command injection (CVE‑2026‑36356) in MeiG Smart’s FORGE_SLT711 LTE CPE enables attackers to execute arbitrary commands as root without authentication. The vulnerability impacts firmware distributed via carrier channels, exposing telecom operators and their customers to potential network compromise. TPRM teams must assess exposure and enforce remediation.

LiveThreat™ Intelligence · 📅 May 28, 2026· 📰 exploit-db.com
🔴
Severity
Critical
VU
Type
Vulnerability
🎯
Confidence
High
🏢
Affected
3 sector(s)
Actions
4 recommended
📰
Source
exploit-db.com

Unauthenticated Remote Code Execution in MeiG Smart FORGE_SLT711 LTE CPE (CVE‑2026‑36356) Exposes Telecom Infrastructure

What Happened — An OS command injection (CVE‑2026‑36356) in the GoAhead web interface of MeiG Smart FORGE_SLT711 LTE CPE allows unauthenticated attackers to execute arbitrary commands as root via the /action/SetRemoteAccessCfg endpoint. The vulnerability resides in the JSON “password” field, which is passed to sprintf and then to system().

Why It Matters for TPRM

  • Critical RCE on network‑edge devices can compromise carrier infrastructure and downstream customers.
  • Firmware is distributed through carrier channels, making patch rollout dependent on telecom operators.
  • The device is often internet‑exposed, providing a low‑effort foothold for large‑scale botnets or data interception.

Who Is Affected — Telecommunications providers, ISPs, enterprises that deploy MeiG Smart LTE CPE, and managed service providers that include these devices in their service portfolio.

Recommended Actions

  • Verify inventory of MeiG Smart FORGE_SLT711 units and their firmware versions.
  • Apply vendor‑released patches or upgrade to a non‑vulnerable firmware release immediately.
  • Enforce network segmentation and restrict access to the device’s management interface (e.g., VPN, ACLs).
  • Deploy outbound traffic monitoring to detect anomalous command execution patterns.

Technical Notes — The exploit sends an HTTP POST to /action/SetRemoteAccessCfg with a JSON payload {"password":"$(<cmd>)"}; the server’s sprintf("echo root:\"%s\"|chpasswd") leads to command execution as uid=0. The attack is blind (no command output returned). Affects firmware MDM9607.LE.1.0-00110-STD.PROD-1 and likely all versions of the product line. CVE‑2026‑36356. Source: https://www.exploit-db.com/exploits/52581

📰 Original Source
https://www.exploit-db.com/exploits/52581

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Trust Operations

Every gap like this maps to a control you can evidence.

The Verisq AI Trust Operations platform maps incidents to your control framework and collects the evidence continuously — so your Trust Center shows proof, not promises, when a buyer or auditor asks.

Explore the Verisq AI Trust Operations platform →