Description
DGM3103SCT provided by AVTECH Security Corporation contains an OS command injection vulnerability, which may lead to arbitrary command execution with the root privilege by a user who can log in to the web management console of the affected product.
Published: 2026-06-30
Score: 8.6 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

AVTECH Security Corporation’s DGM3103SCT web management console contains an OS command injection flaw. An attacker who is able to log into the console can supply crafted input that is executed by the underlying operating system with root privileges, effectively allowing the attacker to run any command on the device.

Affected Systems

The vulnerable device is AVTECH Security Corporation’s DGM3103SCT IP camera, covering all firmware releases that expose the web management console. No specific version information is provided, so any device that implements the console is potentially affected.

Risk and Exploitability

The CVSS score of 8.6 indicates a high‑severity vulnerability. EPSS is not available, and the issue is not listed in CISA’s KEV catalog, yet the impact remains severe because authenticated users can trigger the injection. The attack vector is inferred to be through the web interface after a valid login, so a local or remote attacker who can reach the console’s network port and authenticate can exploit the flaw. The lack of a public patch suggests a high risk of exploitation if no mitigation is applied promptly.

Generated by OpenCVE AI on June 30, 2026 at 08:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any vendor‑supplied firmware update that addresses the command‑injection flaw as soon as it becomes available.
  • If a patch is not available, restrict access to the web management console to a trusted internal network segment or a whitelist of IP addresses.
  • Disable the web‑based management interface when it is not required, and enforce network isolation or VPN access for administration tasks.

Generated by OpenCVE AI on June 30, 2026 at 08:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 30 Jun 2026 08:45:00 +0000

Type Values Removed Values Added
Title OS Command Injection in AVTECH DGM3103SCT Web Management Console Allows Arbitrary Root Command Execution

Tue, 30 Jun 2026 07:15:00 +0000

Type Values Removed Values Added
Description DGM3103SCT provided by AVTECH Security Corporation contains an OS command injection vulnerability, which may lead to arbitrary command execution with the root privilege by a user who can log in to the web management console of the affected product.
Weaknesses CWE-78
References
Metrics cvssV3_0

{'score': 7.2, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: jpcert

Published:

Updated: 2026-06-30T06:00:25.075Z

Reserved: 2026-06-23T06:14:54.358Z

Link: CVE-2026-56808

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-30T08:30:04Z

Weaknesses
  • CWE-78

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')