A flaw has been found in AMTT Hotel Broadband Operation System 1.0. Impacted is an unknown function of the file manager/network/switch_status.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
History

Sun, 12 Jul 2026 11:15:00 +0000

Type Values Removed Values Added
Description A flaw has been found in AMTT Hotel Broadband Operation System 1.0. Impacted is an unknown function of the file manager/network/switch_status.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title AMTT Hotel Broadband Operation System switch_status.php sql injection
First Time appeared Amtt
Amtt hotel Broadband Operation System
Weaknesses CWE-74
CWE-89
CPEs cpe:2.3:a:amtt:hotel_broadband_operation_system:*:*:*:*:*:*:*:*
Vendors & Products Amtt
Amtt hotel Broadband Operation System
References
Metrics cvssV2_0

{'score': 5.8, 'vector': 'AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 4.7, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 4.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-07-12T10:30:07.667Z

Updated: 2026-07-12T10:30:07.667Z

Reserved: 2026-07-11T12:16:37.358Z

Link: CVE-2026-15494

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.