Home

Description

An issue in Generic OEM UZ801_v2.1 4G LTE Router V3.4.3 allows a remote attacker to execute arbitrary code via the /ajax web management API endpoint in MifiService.apk

PUBLISHED Reserved 2026-06-08 | Published 2026-07-08 | Updated 2026-07-09 | Assigner mitre

References

github.com/lamaper/CVE-2026-52200 exploit

github.com/lamaper/UZ801-MifiService-Broken-Access-Control

github.com/lamaper/CVE-2026-52200

cve.org (CVE-2026-52200)

nvd.nist.gov (CVE-2026-52200)

Download JSON