Home / Vulnerability Intelligence / CVE-2026-24448

CVE-2026-24448 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: March 11, 2026

MR-GM5L-S1 & MR-GM5A-L1 - Hardcoded Credentials

Published: March 11, 2026Updated: March 11, 2026Remote Exploitable

Overview

MR-GM5L-S1 and MR-GM5A-L1 contain a hardcoded credentials vulnerability caused by embedded static credentials, letting attackers obtain administrative access, exploit requires no special conditions.

Severity & Score

Severity: Critical

CVSS Score: 9.8

EPSS Score: 4.5%(Probability of exploitation in next 30 days)

Impact

Attackers can gain administrative access, leading to full control over the device.

Mitigation

Update to the latest available version or firmware that removes hardcoded credentials.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 11, 2026

🔴 CVE-2026-24448 - Critical (9.8) Use of hard-coded credentials issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to obtain administrative access. 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24448/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-24448
Severity: Critical
CVSS Score: 9.8
Type: hardcoded_credentials
Status: unconfirmed
EPSS: 4.5%
Social Posts: 1

CWE

CWE-798

CVSS Metrics

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

4.5%Probability of exploitation in the next 30 days