CVE-2026-31195
published 2026-05-05
Priority P268 · high · 8.8 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.27% (66.3th percentile)
An OS command injection vulnerability exists in the ping diagnostic handler in /bin/httpd_clientside in ALTICE LABS / SFR France GR140DG Fibre Router with firmware 3GN8020801R13, 3GN8020802R0A, or 3GN8020803R0A: the handler inserts unsanitized user input into a system() call, allowing authenticated remote attackers to execute arbitrary commands as root via crafted destAddr parameters using shell command substitution.
VulDB
ALTICE GR140DG/GR140IG /bin/httpd_clientside system destAddr os command injection
vuldb·2026-05-05
CVE-2026-31195 [CRITICAL] ALTICE GR140DG/GR140IG /bin/httpd_clientside system destAddr os command injection
A vulnerability classified as critical was found in ALTICE GR140DG and GR140IG. This impacts the function system of the file /bin/httpd_clientside. Such manipulation of the argument destAddr leads to os command injection.
This vulnerability is uniquely identified as CVE-2026-31195. The attack can be launched remotely. No exploit exists.
GHSA
GHSA-48q2-ffv8-pgrw: The ping diagnostic handler in /bin/httpd_clientside for ALTICE LABS / SFR France GR140DG and GR140IG fibre CPE/Router/Gateway, inserts unsanitized us
ghsa_unreviewed·2026-05-05
CVE-2026-31195 [HIGH] CWE-78 GHSA-48q2-ffv8-pgrw: The ping diagnostic handler in /bin/httpd_clientside for ALTICE LABS / SFR France GR140DG and GR140IG fibre CPE/Router/Gateway, inserts unsanitized us
The ping diagnostic handler in /bin/httpd_clientside for ALTICE LABS / SFR France GR140DG and GR140IG fibre CPE/Router/Gateway inserts unsanitized user input into a system() call, allowing authenticated remote attackers to execute arbitrary commands as root via crafted destAddr parameters using shell command substitution.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.