CVE-2026-49201
UNKNOWN
NVD
CVSS Score
0
Severity
UNKNOWN
Published
May 29, 2026
Vendor
unknown
Description
The upload.cgi binary, responsible for processing device backups, contains a hardcoded AES encryption key. This allows an attacker to decrypt, modify, and re-encrypt system backups, facilitating persistent backdoor injection.