CVE-2026-31196

Published: Mag 05, 2026 Last Modified: Mag 05, 2026
ExploitDB:
Other exploit source:
Google Dorks:

Description

AI Translation Available

The traceroute diagnostic handler in /bin/httpd_clientside for ALTICE LABS / SFR France GR140DG and GR140IG fibre CPE/Router/Gateway, inserts unsanitized user input into a system() call, allowing authenticated remote attackers to execute arbitrary commands as root via crafted destAddr parameters using shell command substitution.

http://altice.com
http://altice.com
http://gr140dg.com
http://gr140dg.com
https://xerod.ai/advisories/XEROD-2026-0002
https://xerod.ai/advisories/XEROD-2026-0002