CVE-2026-20892
Description
Code injection vulnerability exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker with administrative privileges to execute arbitrary commands.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A code injection vulnerability in Micro Research MR-GM5L-S1 and MR-GM5A-L1 allows an attacker with admin privileges to execute arbitrary commands.
Vulnerability
Description
CVE-2026-20892 is a code injection vulnerability (CWE-94) in Micro Research MR-GM5L-S1 and MR-GM5A-L1 devices. The flaw exists in firmware versions prior to v2.01.04N1_02. An attacker with administrative privileges can inject and execute arbitrary commands due to insufficient input validation [1].
Exploitation
Conditions
Exploitation requires administrative privileges to the device's management interface. No user interaction is needed. The attack vector is network-based, with low attack complexity [1].
Impact
Successful exploitation allows an attacker to execute arbitrary commands with the same privileges as the device firmware, potentially leading to full compromise of the device. The CVSS v3 base score is 7.2 (High), with impacts to confidentiality, integrity, and availability all rated as High [1].
Mitigation
Micro Research recommends updating the firmware to version v2.01.04N1_02 or later [1]. The vendor advisory provides this update as the only solution. No workarounds are mentioned.
_Note: The same advisory also discloses two other vulnerabilities in the same products (CVE-2026-24448 and CVE-2026-27842) that are not covered in this analysis._
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2News mentions
0No linked articles in our index yet.