Skip to content
Verified reproduction

CVE-2026-32833: Cudy LT300 3.0 OS command injection

CVE-2026-32833 is verified against Cudy LT300 V3 firmware · firmware affected versions: All firmware versions prior to 2.5.12 (confirmed vulnerable: 2.4.1, 2.4.5) fixed version: 2.5.12 (released 20-May-2026) vulnerability class: Command Injection This high reproduction includes runnable sandbox proof, artifacts, and a plain-text agent view under REPRO-2026-00258.

REPRO-2026-00258 Cudy LT300 V3 firmware · firmware Command Injection Variant found Jul 6, 2026 .txt
Severity HIGH
Confidence HIGH
Reproduced in 93m 59s
Tool calls 425
Spend $24.00
Affected All firmware versions prior to 2.5.12 (confirmed vulnerable: 2.4.1, 2.4.5)
Fixed in 2.5.12 (released 20-May-2026)
$ pruva-verify REPRO-2026-00258
or curl -O https://pruva.dev/api/v1/reproductions/REPRO-2026-00258/artifacts/bundle/repro/reproduction_steps.sh && chmod +x reproduction_steps.sh && ./reproduction_steps.sh
Run in a VM or disposable container. This exploits a real vulnerability.
02 · The vulnerability

Cudy LT300 3.0 running firmware prior to 2.5.12 contains an OS command injection vulnerability. Reproduce: access the router's administrative interface or an exposed service running firmware <2.5.12, identify a parameter passed to a shell, and inject OS commands.

03 · Root cause
Variant analysis
04 · Reproduction transcript

The agent's step-by-step process — every tool call, every handoff, the moment the exploit fired. Phases: support triages the advisory · repro reproduces it · vuln_variant confirms the fix blocks it · judge verifies.

Loading session...

05 · Artifacts

Scripts, logs, diffs, and output captured during the reproduction.

bundle/logs/code_comparison.txt0.5 KB
bundle/artifact_promotion_manifest.json14.2 KB
bundle/artifact_promotion_report.json14.3 KB
bundle/vuln_variant/source_identity.json1.4 KB
bundle/vuln_variant/root_cause_equivalence.json1.4 KB
bundle/repro/reproduction_steps.sh15.8 KB
bundle/repro/rca_report.md7.3 KB
bundle/repro/runtime_manifest.json1.6 KB
bundle/repro/validation_verdict.json0.8 KB
bundle/logs/reproduction_steps.log2.5 KB
bundle/logs/artifacts/http/response.txt0.4 KB
bundle/logs/artifacts/product/proof_summary.txt0.2 KB
bundle/logs/artifacts/http/vuln_attempt1_request.txt0.4 KB
bundle/logs/artifacts/http/vuln_attempt1_response_headers.txt0.3 KB
bundle/logs/artifacts/http/vuln_attempt1_response_body.txt2.1 KB
bundle/logs/artifacts/http/vuln_attempt2_request.txt0.4 KB
bundle/logs/artifacts/http/vuln_attempt2_response_headers.txt0.3 KB
bundle/logs/artifacts/http/vuln_attempt2_response_body.txt2.1 KB
bundle/logs/artifacts/http/fixed_attempt1_request.txt0.4 KB
bundle/logs/artifacts/http/fixed_attempt1_response_headers.txt0.2 KB
bundle/logs/artifacts/http/fixed_attempt1_response_body.txt9.4 KB
bundle/logs/artifacts/http/fixed_attempt2_request.txt0.4 KB
bundle/logs/artifacts/http/fixed_attempt2_response_headers.txt0.2 KB
bundle/logs/artifacts/http/fixed_attempt2_response_body.txt9.4 KB
bundle/logs/artifacts/product/code_identity.txt1.8 KB
bundle/logs/artifacts/product/uhttpd_runtime.log1.9 KB
bundle/vuln_variant/reproduction_steps.sh14.0 KB
bundle/vuln_variant/rca_report.md8.1 KB
bundle/vuln_variant/patch_analysis.md5.5 KB
bundle/vuln_variant/variant_manifest.json3.5 KB
bundle/vuln_variant/validation_verdict.json2.5 KB
bundle/vuln_variant/runtime_manifest.json1.4 KB
bundle/logs/vuln_variant/reproduction_steps.log2.2 KB
bundle/logs/vuln_variant/product/proof_summary.txt0.1 KB
bundle/logs/vuln_variant/http/vuln_rpc_request.json0.2 KB
bundle/logs/vuln_variant/http/vuln_rpc_response_headers.txt0.3 KB
bundle/logs/vuln_variant/http/vuln_rpc_response_body.txt0.0 KB
bundle/logs/vuln_variant/http/fixed_rpc_request.json0.2 KB
bundle/logs/vuln_variant/http/fixed_rpc_response_headers.txt0.2 KB
bundle/logs/vuln_variant/http/fixed_rpc_response_body.txt0.2 KB
bundle/logs/vuln_variant/product/code_identity.txt2.9 KB