ГлавнаяУязвимости → CVE-2026-26478
9.8критическая

CVE-2026-26478

Описание

A shell command injection vulnerability in Mobvoi Tichome Mini smart speaker 012-18853 and 027-58389 allows remote attackers to send a specially crafted UDP datagram and execute arbitrary shell code as the root account.

Затрагиваемое ПО
Mobvoi Tichome mini firmwareMobvoi Tichome mini
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://github.com/pastcompute/tichome-poc-1https://web.archive.org/web/20171202094530/