Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-33201

Summary
Assigner-jpcert
Assigner Org ID-ede6fdc4-6654-4307-a26d-3331c018e2ce
Published At-26 Mar, 2026 | 04:18
Updated At-26 Mar, 2026 | 13:55
Rejected At-
Credits

Digital Photo Frame GH-WDF10A provided by GREEN HOUSE CO., LTD. contains an active debug code vulnerability. If this vulnerability is exploited, files or configurations on the affected device may be read or written, or arbitrary files may be executed with root privileges.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:jpcert
Assigner Org ID:ede6fdc4-6654-4307-a26d-3331c018e2ce
Published At:26 Mar, 2026 | 04:18
Updated At:26 Mar, 2026 | 13:55
Rejected At:
â–¼CVE Numbering Authority (CNA)

Digital Photo Frame GH-WDF10A provided by GREEN HOUSE CO., LTD. contains an active debug code vulnerability. If this vulnerability is exploited, files or configurations on the affected device may be read or written, or arbitrary files may be executed with root privileges.

Affected Products
Vendor
GREEN HOUSE CO., LTD.
Product
Digital Photo Frame GH-WDF10A
Versions
Affected
  • all versions
Problem Types
TypeCWE IDDescription
CWECWE-489Active debug code
Type: CWE
CWE ID: CWE-489
Description: Active debug code
Metrics
VersionBase scoreBase severityVector
3.06.8MEDIUM
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
4.07.0HIGH
CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Version: 3.0
Base score: 6.8
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 4.0
Base score: 7.0
Base severity: HIGH
Vector:
CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.green-house.co.jp/note/info_gh-wdf10a/
N/A
https://jvn.jp/en/jp/JVN18035227/
N/A
Hyperlink: https://www.green-house.co.jp/note/info_gh-wdf10a/
Resource: N/A
Hyperlink: https://jvn.jp/en/jp/JVN18035227/
Resource: N/A
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:vultures@jpcert.or.jp
Published At:26 Mar, 2026 | 05:16
Updated At:26 Mar, 2026 | 15:13

Digital Photo Frame GH-WDF10A provided by GREEN HOUSE CO., LTD. contains an active debug code vulnerability. If this vulnerability is exploited, files or configurations on the affected device may be read or written, or arbitrary files may be executed with root privileges.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.07.0HIGH
CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary3.06.8MEDIUM
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 4.0
Base score: 7.0
Base severity: HIGH
Vector:
CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 3.0
Base score: 6.8
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-489Primaryvultures@jpcert.or.jp
CWE ID: CWE-489
Type: Primary
Source: vultures@jpcert.or.jp
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://jvn.jp/en/jp/JVN18035227/vultures@jpcert.or.jp
N/A
https://www.green-house.co.jp/note/info_gh-wdf10a/vultures@jpcert.or.jp
N/A
Hyperlink: https://jvn.jp/en/jp/JVN18035227/
Source: vultures@jpcert.or.jp
Resource: N/A
Hyperlink: https://www.green-house.co.jp/note/info_gh-wdf10a/
Source: vultures@jpcert.or.jp
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

4Records found
CVE-2025-15017
Matching Score-4
Assigner-Moxa Inc.
ShareView Details
Matching Score-4
Assigner-Moxa Inc.
CVSS Score-7||HIGH
EPSS-0.06% / 18.97%
||
7 Day CHG~0.00%
Published-31 Dec, 2025 | 07:44
Updated-31 Dec, 2025 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability exists in serial device servers where active debug code remains enabled in the UART interface. An attacker with physical access to the device can directly connect to the UART interface and, without authentication, user interaction, or execution conditions, gain unauthorized access to internal debug functionality. Exploitation is low complexity and allows an attacker to execute privileged operations and access sensitive system resources, resulting in a high impact to the confidentiality, integrity, and availability of the affected device. No security impact to external or dependent systems has been identified.

Action-Not Available
Vendor-Moxa Inc.
Product-NPort 5100 SeriesNPort 5100A SeriesNPort IA5000 SeriesNPort 5200 SeriesNPort 5000AI-M12 SeriesNPort 5600-DT SeriesNPort 5200A SeriesNPort 5600 SeriesNPort 5400 SeriesNPort IA5000A SeriesNPort IA5000-G2 Series
CWE ID-CWE-489
Active Debug Code
CVE-2024-53648
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7||HIGH
EPSS-0.06% / 19.73%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 10:28
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.90), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions < V9.90), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions < V9.90), SIPROTEC 5 6MD89 (CP300) (All versions < V9.90), SIPROTEC 5 6MU85 (CP300) (All versions < V9.90), SIPROTEC 5 7KE85 (CP200) (All versions), SIPROTEC 5 7KE85 (CP300) (All versions < V10.0), SIPROTEC 5 7SA82 (CP100) (All versions < V8.90), SIPROTEC 5 7SA82 (CP150) (All versions < V9.90), SIPROTEC 5 7SA86 (CP200) (All versions), SIPROTEC 5 7SA86 (CP300) (All versions < V9.90), SIPROTEC 5 7SA87 (CP200) (All versions), SIPROTEC 5 7SA87 (CP300) (All versions < V9.90), SIPROTEC 5 7SD82 (CP100) (All versions < V8.90), SIPROTEC 5 7SD82 (CP150) (All versions < V9.90), SIPROTEC 5 7SD86 (CP200) (All versions), SIPROTEC 5 7SD86 (CP300) (All versions < V9.90), SIPROTEC 5 7SD87 (CP200) (All versions), SIPROTEC 5 7SD87 (CP300) (All versions < V9.90), SIPROTEC 5 7SJ81 (CP100) (All versions < V8.90), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.90), SIPROTEC 5 7SJ82 (CP100) (All versions < V8.90), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.90), SIPROTEC 5 7SJ85 (CP200) (All versions), SIPROTEC 5 7SJ85 (CP300) (All versions < V9.90), SIPROTEC 5 7SJ86 (CP200) (All versions), SIPROTEC 5 7SJ86 (CP300) (All versions < V9.90), SIPROTEC 5 7SK82 (CP100) (All versions < V8.90), SIPROTEC 5 7SK82 (CP150) (All versions < V9.90), SIPROTEC 5 7SK85 (CP200) (All versions), SIPROTEC 5 7SK85 (CP300) (All versions < V9.90), SIPROTEC 5 7SL82 (CP100) (All versions < V8.90), SIPROTEC 5 7SL82 (CP150) (All versions < V9.90), SIPROTEC 5 7SL86 (CP200) (All versions), SIPROTEC 5 7SL86 (CP300) (All versions < V9.90), SIPROTEC 5 7SL87 (CP200) (All versions), SIPROTEC 5 7SL87 (CP300) (All versions < V9.90), SIPROTEC 5 7SS85 (CP200) (All versions), SIPROTEC 5 7SS85 (CP300) (All versions < V9.90), SIPROTEC 5 7ST85 (CP200) (All versions), SIPROTEC 5 7ST85 (CP300) (All versions < V10.0), SIPROTEC 5 7ST86 (CP300) (All versions < V10.0), SIPROTEC 5 7SX82 (CP150) (All versions < V9.90), SIPROTEC 5 7SX85 (CP300) (All versions < V9.90), SIPROTEC 5 7SY82 (CP150) (All versions < V9.90), SIPROTEC 5 7UM85 (CP300) (All versions < V9.90), SIPROTEC 5 7UT82 (CP100) (All versions < V8.90), SIPROTEC 5 7UT82 (CP150) (All versions < V9.90), SIPROTEC 5 7UT85 (CP200) (All versions), SIPROTEC 5 7UT85 (CP300) (All versions < V9.90), SIPROTEC 5 7UT86 (CP200) (All versions), SIPROTEC 5 7UT86 (CP300) (All versions < V9.90), SIPROTEC 5 7UT87 (CP200) (All versions), SIPROTEC 5 7UT87 (CP300) (All versions < V9.90), SIPROTEC 5 7VE85 (CP300) (All versions < V9.90), SIPROTEC 5 7VK87 (CP200) (All versions), SIPROTEC 5 7VK87 (CP300) (All versions < V9.90), SIPROTEC 5 7VU85 (CP300) (All versions < V9.90), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V9.90). Affected devices do not properly limit access to a development shell accessible over a physical interface. This could allow an unauthenticated attacker with physical access to the device to execute arbitrary commands on the device.

Action-Not Available
Vendor-Siemens AG
Product-SIPROTEC 5 7SK85 (CP200)SIPROTEC 5 7SS85 (CP200)SIPROTEC 5 7UT86 (CP200)SIPROTEC 5 7ST85 (CP300)SIPROTEC 5 7SK82 (CP150)SIPROTEC 5 7UT86 (CP300)SIPROTEC 5 7SA82 (CP150)SIPROTEC 5 7SA86 (CP200)SIPROTEC 5 7SJ81 (CP100)SIPROTEC 5 6MU85 (CP300)SIPROTEC 5 6MD86 (CP300)SIPROTEC 5 7SD82 (CP100)SIPROTEC 5 7SA82 (CP100)SIPROTEC 5 7SJ81 (CP150)SIPROTEC 5 7SD82 (CP150)SIPROTEC 5 7SX82 (CP150)SIPROTEC 5 7SK85 (CP300)SIPROTEC 5 7SX85 (CP300)SIPROTEC 5 7SJ85 (CP200)SIPROTEC 5 7UT85 (CP200)SIPROTEC 5 7SK82 (CP100)SIPROTEC 5 7SL86 (CP200)SIPROTEC 5 7SD86 (CP200)SIPROTEC 5 7UT85 (CP300)SIPROTEC 5 7SJ82 (CP100)SIPROTEC 5 7SL87 (CP300)SIPROTEC 5 7SJ82 (CP150)SIPROTEC 5 7ST86 (CP300)SIPROTEC 5 7KE85 (CP200)SIPROTEC 5 7UT82 (CP100)SIPROTEC 5 7SA86 (CP300)SIPROTEC 5 7SL87 (CP200)SIPROTEC 5 7UM85 (CP300)SIPROTEC 5 7UT87 (CP300)SIPROTEC 5 6MD84 (CP300)SIPROTEC 5 6MD85 (CP300)SIPROTEC 5 7VE85 (CP300)SIPROTEC 5 7SD87 (CP300)SIPROTEC 5 7UT87 (CP200)SIPROTEC 5 7ST85 (CP200)SIPROTEC 5 7SD86 (CP300)SIPROTEC 5 7VK87 (CP200)SIPROTEC 5 6MD89 (CP300)SIPROTEC 5 7VK87 (CP300)SIPROTEC 5 7VU85 (CP300)SIPROTEC 5 7SD87 (CP200)SIPROTEC 5 7SS85 (CP300)SIPROTEC 5 7SJ86 (CP200)SIPROTEC 5 7SL82 (CP150)SIPROTEC 5 7SJ86 (CP300)SIPROTEC 5 7SL86 (CP300)SIPROTEC 5 6MD85 (CP200)SIPROTEC 5 7KE85 (CP300)SIPROTEC 5 7UT82 (CP150)SIPROTEC 5 7SA87 (CP300)SIPROTEC 5 7SY82 (CP150)SIPROTEC 5 Compact 7SX800 (CP050)SIPROTEC 5 7SL82 (CP100)SIPROTEC 5 6MD86 (CP200)SIPROTEC 5 7SJ85 (CP300)SIPROTEC 5 7SA87 (CP200)
CWE ID-CWE-489
Active Debug Code
CVE-2024-41999
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-6.8||MEDIUM
EPSS-0.17% / 37.51%
||
7 Day CHG~0.00%
Published-30 Sep, 2024 | 07:50
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Smart-tab Android app installed April 2023 or earlier contains an active debug code vulnerability. If this vulnerability is exploited, an attacker with physical access to the device may exploit the debug function to gain access to the OS functions, escalate the privilege, change the device's settings, or spoof devices in other rooms.

Action-Not Available
Vendor-TECHNO SUPPORT COMPANYandroid_app
Product-Smart-tab Android appsmart_tab
CWE ID-CWE-489
Active Debug Code
CVE-2025-2919
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-7||HIGH
EPSS-0.09% / 25.98%
||
7 Day CHG~0.00%
Published-28 Mar, 2025 | 17:31
Updated-17 Apr, 2025 | 14:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Netis WF-2404 UART hardware allows activation of test or debug logic at runtime

A vulnerability was found in Netis WF-2404 1.1.124EN. It has been declared as critical. This vulnerability affects unknown code of the component UART. The manipulation leads to hardware allows activation of test or debug logic at runtime. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Netis Systems Co., Ltd.
Product-netis_wf-2404netis_wf-2404_firmwareWF-2404
CWE ID-CWE-1313
Hardware Allows Activation of Test or Debug Logic at Runtime
CWE ID-CWE-489
Active Debug Code
Details not found