CVE-2026-55638
decolua · 9router
9Router is affected by missing and incorrect authorization vulnerabilities, enabling unauthorized access to critical functions.
Executive summary
Missing and incorrect authorization flaws in 9Router versions prior to 0.5.2 expose the system to unauthorized access and potential service disruption.
Vulnerability
The software fails to properly implement authorization checks, allowing an unauthenticated remote attacker to gain unauthorized access to protected functions or manipulate system state.
Business impact
This vulnerability allows unauthenticated users to perform actions that should be restricted, potentially leading to unauthorized data access or service disruption. With a CVSS score of 8.6, the vulnerability represents a significant risk to the integrity and availability of the 9Router deployment.
Remediation
Immediate Action: Upgrade to 9Router version 0.5.2 or later to resolve the authorization logic flaws.
Proactive Monitoring: Review application logs for unauthorized attempts to access restricted API endpoints or administrative routes.
Compensating Controls: Utilize a Web Application Firewall (WAF) to filter out suspicious requests and enforce access control policies at the network edge.
Exploitation status
Public Exploit Available: false
Analyst recommendation
The presence of authorization vulnerabilities in a router/token saver product is critical. Administrators should apply the 0.5.2 update immediately to restore proper access controls and prevent unauthorized manipulation of the service.