CVE Catalog

CVE-2026-49195

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Summary

Unauthenticated Debug Service is exposed on TCP port 9000. The /sbin/mtk_dut binary allows LAN-based attackers to execute arbitrary UCC commands.

Risk Assessment

The lack of authentication in the debug service poses a serious risk, allowing local network attackers to execute unauthorized commands, potentially compromising the system.

Recommendation

It is recommended to block access to TCP port 9000 and implement appropriate authentication mechanisms for the debug service.

Original NVD description (English source)

Unauthenticated Debug Service. The /sbin/mtk_dut binary is exposed on TCP port 9000 without authentication, allowing any LAN-based attacker to execute arbitrary UCC commands.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS