LeakyCreds
NewInstant webhook alerts now available ā€” notified within seconds of any credential detection.Learn more ā†’
Home / Vulnerability Intelligence / CVE-2026-27842

CVE-2026-27842 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: March 11, 2026

MR-GM5L-S1 & MR-GM5A-L1 - Authentication Bypass

Published: March 11, 2026Updated: March 11, 2026Remote Exploitable

Overview

MR-GM5L-S1 and MR-GM5A-L1 contain an authentication bypass caused by an unspecified issue, letting attackers bypass authentication and change device configuration, exploit requires no special conditions.

Severity & Score

Severity: Critical
CVSS Score: 9.8
EPSS Score: 9.9%(Probability of exploitation in next 30 days)

Impact

Attackers can bypass authentication and change device configuration, potentially compromising device security and functionality.

Mitigation

Update to the latest available version.

References

Social Media Activity(1 post)

TheHackerWire
TheHackerWire
@thehackerwire
Mar 11, 2026

šŸ”“ CVE-2026-27842 - Critical (9.8) Authentication bypass issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to bypass authentication and change the device configuration. šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-27842/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID
CVE-2026-27842
Severity
Critical
CVSS Score
9.8
Type
broken_authentication
Status
unconfirmed
EPSS
9.9%
Social Posts
1

CWE

  • CWE-288

CVSS Metrics

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

9.9%Probability of exploitation in the next 30 days