Description
Code injection vulnerability exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker with administrative privileges to execute arbitrary commands.
Published: 2026-03-11
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Command Execution
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is a code injection flaw (CWE-94) that allows an attacker with administrative privileges on a Micro Research Ltd. MR‑GM5L‑S1 or MR‑GM5A‑L1 device to execute arbitrary commands. This flaw can lead to a complete compromise of the affected system, as any command can be run with the privileges of the service or configuration in which the injection is possible, threatening both integrity and availability.

Affected Systems

Micro Research Ltd. products MR‑GM5L‑S1 and MR‑GM5A‑L1 are affected. No specific firmware or software version information is provided; administrators should assume that all current releases of these models may be vulnerable until a patch is released.

Risk and Exploitability

The CVSS score of 8.6 indicates high severity. EPSS shows an exploitation likelihood of less than 1%, indicating a low probability of automated attacks, but the impact would be severe if exploited. The vulnerability is not listed in the CISA KEV catalog, suggesting no publicly documented exploits yet. Attack exploitation requires local administrative access, implying an insider or compromised account scenario; thus the risk is significant for organizations that provide or share administrative credentials.

Generated by OpenCVE AI on March 17, 2026 at 16:04 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor-provided patch or firmware update as soon as it becomes available.
  • Restrict administrative privileges to only essential personnel and enforce least‑privilege principles.
  • Monitor system logs for abnormal command execution or injection‑related activity.
  • Check the vendor’s website or support channels regularly for updates or advisories on this vulnerability.

Generated by OpenCVE AI on March 17, 2026 at 16:04 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 20 Mar 2026 14:45:00 +0000

Type Values Removed Values Added
Title Code injection in Micro Research MR‑GM5L‑S1 and MR‑GM5A‑L1 allowing command execution

Wed, 11 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 11 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Micro Research
Micro Research mr-gm5a-l1
Micro Research mr-gm5l-s1
Vendors & Products Micro Research
Micro Research mr-gm5a-l1
Micro Research mr-gm5l-s1

Wed, 11 Mar 2026 05:30:00 +0000

Type Values Removed Values Added
Description Code injection vulnerability exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker with administrative privileges to execute arbitrary commands.
Weaknesses CWE-94
References
Metrics cvssV3_0

{'score': 7.2, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Micro Research Mr-gm5a-l1 Mr-gm5l-s1
cve-icon MITRE

Status: PUBLISHED

Assigner: jpcert

Published:

Updated: 2026-03-11T15:39:46.667Z

Reserved: 2026-03-10T01:23:02.687Z

Link: CVE-2026-20892

cve-icon Vulnrichment

Updated: 2026-03-11T15:39:27.454Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-11T06:17:13.510

Modified: 2026-03-11T13:52:47.683

Link: CVE-2026-20892

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-20T14:37:54Z

Weaknesses