Description
Authentication bypass issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to bypass authentication and change the device configuration.
Published: 2026-03-11
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Authentication bypass, configuration compromise
Action: Patch immediately
AI Analysis

Impact

Authentication bypass issue exists in Micro Research Ltd. devices MR-GM5L-S1 and MR-GM5A-L1, allowing an attacker to access and modify device configuration settings without proper authentication. The identified weakness is CWE-288, which indicates improper enforcement of authentication controls. An exploited vulnerability would give attackers the ability to change configuration parameters, potentially altering device behavior or connectivity.

Affected Systems

The affected systems are the Micro Research Ltd. MR‑GM5L‑S1 and MR‑GM5A‑L1 models. No specific firmware or patch version information was provided, so any installed firmware on these models should be considered vulnerable until a vendor update is applied.

Risk and Exploitability

The vulnerability carries a CVSS score of 9.3, indicating critical severity, while the EPSS score is reported as less than 1%, suggesting a low current exploitation probability. This issue is not listed in the CISA KEV catalog. Based on the description, it is inferred that the attack vector is remote through the device’s management interface; local access may also enable exploitation, but the required conditions are minimal, contributing to a high risk level.

Generated by OpenCVE AI on March 17, 2026 at 17:11 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware update for MR‑GM5L‑S1 and MR‑GM5A‑L1 from the Micro Research Ltd. website
  • If a firmware update is not yet available, isolate the device from critical network segments and restrict management access to trusted hosts
  • Monitor device logs for unauthorized configuration changes

Generated by OpenCVE AI on March 17, 2026 at 17:11 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 20 Mar 2026 14:45:00 +0000

Type Values Removed Values Added
Title Authentication Bypass in Micro Research MR‑GM5 Devices Allowing Unauthorized Configuration Changes

Wed, 11 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 11 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Micro Research
Micro Research mr-gm5a-l1
Micro Research mr-gm5l-s1
Vendors & Products Micro Research
Micro Research mr-gm5a-l1
Micro Research mr-gm5l-s1

Wed, 11 Mar 2026 05:30:00 +0000

Type Values Removed Values Added
Description Authentication bypass issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to bypass authentication and change the device configuration.
Weaknesses CWE-288
References
Metrics cvssV3_0

{'score': 9.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Micro Research Mr-gm5a-l1 Mr-gm5l-s1
cve-icon MITRE

Status: PUBLISHED

Assigner: jpcert

Published:

Updated: 2026-03-11T15:39:46.393Z

Reserved: 2026-03-10T01:23:00.998Z

Link: CVE-2026-27842

cve-icon Vulnrichment

Updated: 2026-03-11T15:39:23.113Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-11T06:17:13.867

Modified: 2026-03-11T13:52:47.683

Link: CVE-2026-27842

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-20T14:37:52Z

Weaknesses