CVE 8.8 HIGH

CVE-2026-31196_CVE-2026-31196

May 6, 2026 invoker category_cve

8.8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

The traceroute diagnostic handler in /bin/httpd_clientside for ALTICE LABS / SFR France GR140DG and GR140IG fibre CPE/Router/Gateway, inserts unsanitized user input into a system() call, allowing authenticated remote attackers to execute arbitrary commands as root via crafted destAddr parameters using shell command substitution.

AI Analysis

Authenticated remote attackers can execute arbitrary commands as root via crafted destAddr parameters using shell command substitution in the traceroute diagnostic handler.

Basic Information

ID CVE-2026-31196

Source mitre

Published May 5, 2026 at 00:00

Modified May 6, 2026 at 18:26

Affected Product

Vendor ALTICE LABS / SFR France

Product GR140DG, GR140IG

Version n/a

Affected Versions n/a n/a n/a

CWE Classification

CWE-78

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor ALTICE LABS / SFR France

Product GR140DG, GR140IG

Version n/a

References

{
    "lastseen": "",
    "description": "The traceroute diagnostic handler in /bin/httpd_clientside for ALTICE LABS / SFR France GR140DG and GR140IG fibre CPE/Router/Gateway, inserts unsanitized user input into a system() call, allowing authenticated remote attackers to execute arbitrary commands as root via crafted destAddr parameters using shell command substitution.",
    "published": "2026-05-05T00:00:00.000Z",
    "modified": "2026-05-06T18:26:38.156Z",
    "type": "cve",
    "title": "CVE-2026-31196",
    "source": "mitre",
    "references": "http://altice.com\nhttp://gr140dg.com\nhttps://xerod.ai/advisories/XEROD-2026-0002",
    "id": "CVE-2026-31196",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "GR140DG, GR140IG",
    "version": "n/a",
    "vendor": "ALTICE LABS / SFR France",
    "ai_description": "Authenticated remote attackers can execute arbitrary commands as root via crafted destAddr parameters using shell command substitution in the traceroute diagnostic handler.",
    "ai_severity": "High",
    "ai_vendor": "ALTICE LABS / SFR France",
    "ai_product": "GR140DG, GR140IG",
    "ai_version": "n/a",
    "ai_score": 8.8
}

💭 Join the Security Discussion ❌ Cancel Reply