CVE Catalog
CVE-2026-49195
HighCVSS 8.8Summary
Unauthenticated Debug Service is exposed on TCP port 9000. The /sbin/mtk_dut binary allows LAN-based attackers to execute arbitrary UCC commands.
Risk Assessment
The lack of authentication in the debug service poses a serious risk, allowing local network attackers to execute unauthorized commands, potentially compromising the system.
Recommendation
It is recommended to block access to TCP port 9000 and implement appropriate authentication mechanisms for the debug service.
Original NVD description (English source)
Unauthenticated Debug Service. The /sbin/mtk_dut binary is exposed on TCP port 9000 without authentication, allowing any LAN-based attacker to execute arbitrary UCC commands.

