Description
Digital Photo Frame GH-WDF10A provided by GREEN HOUSE CO., LTD. contains an active debug code vulnerability. If this vulnerability is exploited, files or configurations on the affected device may be read or written, or arbitrary files may be executed with root privileges.
Published: 2026-03-26
Score: 7 High
EPSS: < 1% Very Low
KEV: No
Impact: Root Privilege Escalation
Action: Immediate Patch
AI Analysis

Impact

The GH-WDF10A Digital Photo Frame contains active debug code that, when exploited, permits an attacker to read or write files, access configuration data, and execute arbitrary files with root privileges. This level of access effectively gives the attacker full control over the device, enabling manipulation of media content, persistence of malicious code, or further exploitation of connected systems.

Affected Systems

Green House Co., LTD’s Digital Photo Frame GH‑WDF10A is affected. No specific firmware or version numbers are provided in the advisory, so all units of this product model require review.

Risk and Exploitability

The vulnerability has a CVSS score of 7, indicating a high severity. The EPSS score is not available and the issue is not listed in the CISA KEV catalog, but the potential for root privilege escalation suggests a significant exploitation risk. The attack vector appears to be an exposed debug interface on the device; based on the description it is inferred that an attacker with access to this interface could trigger the exploit, though the exact conditions are not detailed in the CVE.

Generated by OpenCVE AI on March 26, 2026 at 05:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware update released by Green House Co., LTD that removes the active debug code from the GH‑WDF10A.
  • If a firmware update is not available, disable any debug mode or feature through the device’s settings, if such an option exists.
  • Perform a factory reset of the device to erase possibly compromised configurations.
  • Configure network segregation or firewall rules to limit the device’s exposure and monitor for suspicious activity.

Generated by OpenCVE AI on March 26, 2026 at 05:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 26 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 26 Mar 2026 12:30:00 +0000

Type Values Removed Values Added
Title Debug Code Vulnerability Enabling Root Privileges on Green House Digital Photo Frame

Thu, 26 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Green House
Green House digital Photo Frame Gh-wdf10a
Vendors & Products Green House
Green House digital Photo Frame Gh-wdf10a

Thu, 26 Mar 2026 04:30:00 +0000

Type Values Removed Values Added
Description Digital Photo Frame GH-WDF10A provided by GREEN HOUSE CO., LTD. contains an active debug code vulnerability. If this vulnerability is exploited, files or configurations on the affected device may be read or written, or arbitrary files may be executed with root privileges.
Weaknesses CWE-489
References
Metrics cvssV3_0

{'score': 6.8, 'vector': 'CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 7, 'vector': 'CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Green House Digital Photo Frame Gh-wdf10a
cve-icon MITRE

Status: PUBLISHED

Assigner: jpcert

Published:

Updated: 2026-03-26T13:55:23.959Z

Reserved: 2026-03-17T23:23:26.571Z

Link: CVE-2026-33201

cve-icon Vulnrichment

Updated: 2026-03-26T13:55:17.970Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-26T05:16:39.607

Modified: 2026-03-26T15:13:15.790

Link: CVE-2026-33201

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-26T12:08:33Z

Weaknesses