Published:2026/06/30 Last Updated:2026/06/30
JVN#28979424
DGM3103SCT vulnerable to OS command injection
Overview
DGM3103SCT provided by AVTECH Security Corporation contains an OS command injection vulnerability.
Products Affected
- DGM3103SCT firmware version 3.2.5.4 and prior
Description
DGM3103SCT provided by AVTECH Security Corporation contains the following vulnerability.
- OS command injection (CWE-78)
- CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.6
- CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score 7.2
- CVE-2026-56808
Impact
Arbitrary commands may be executed with the root privilege by a user who can log in to the web management console of the affected product.
Solution
Update the firmware
Update the firmware to the latest version according to the information provided by the developer.
Vendor Status
| Vendor | Link |
| AVTECH Security Corporation | IP Cameras DGM3103SCT |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Tomoya KITAGAWA, Satoki TSUJI, Seiya NAKATA, and Yudai FUJIWARA of Ricerca Security, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2026-56808 |
| JVN iPedia |
JVNDB-2026-000094 |