CVE-2026-31196 CVSS:8.8

The traceroute diagnostic handler in /bin/httpd_clientside for ALTICE LABS / SFR France GR140DG and GR140IG fibre CPE/Router/Gateway, inserts unsanitized user input into a system() call, allowing authenticated remote attackers to execute arbitrary commands as root via crafted destAddr parameters using shell command substitution.

产品:

📌 来源: NVD-Latest | 🆔 CVE-2026-31196 | 📅 2026-05-05