{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33201", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "state": "PUBLISHED", "assignerShortName": "jpcert", "dateReserved": "2026-03-17T23:23:26.571Z", "datePublished": "2026-03-26T04:18:57.635Z", "dateUpdated": "2026-03-26T13:55:23.959Z"}, "containers": {"cna": {"affected": [{"vendor": "GREEN HOUSE CO., LTD.", "product": "Digital Photo Frame GH-WDF10A", "versions": [{"version": "all versions", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "Digital Photo Frame GH-WDF10A provided by GREEN HOUSE CO., LTD. contains an active debug code vulnerability. If this vulnerability is exploited, files or configurations on the affected device may be read or written, or arbitrary files may be executed with root privileges."}], "problemTypes": [{"descriptions": [{"description": "Active debug code", "lang": "en-US", "cweId": "CWE-489", "type": "CWE"}]}], "references": [{"url": "https://www.green-house.co.jp/note/info_gh-wdf10a/"}, {"url": "https://jvn.jp/en/jp/JVN18035227/"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_0": {"version": "3.0", "baseSeverity": "MEDIUM", "baseScore": 6.8, "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}, {"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV4_0": {"version": "4.0", "baseSeverity": "HIGH", "baseScore": 7, "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2026-03-26T04:18:57.635Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-26T13:55:13.143693Z", "id": "CVE-2026-33201", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T13:55:23.959Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-33201", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-26T13:55:13.143693Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T13:55:17.970Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "baseScore": 6.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"version": "4.0", "baseScore": 7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "GREEN HOUSE CO., LTD.", "product": "Digital Photo Frame GH-WDF10A", "versions": [{"status": "affected", "version": "all versions"}]}], "references": [{"url": "https://www.green-house.co.jp/note/info_gh-wdf10a/"}, {"url": "https://jvn.jp/en/jp/JVN18035227/"}], "descriptions": [{"lang": "en", "value": "Digital Photo Frame GH-WDF10A provided by GREEN HOUSE CO., LTD. contains an active debug code vulnerability. If this vulnerability is exploited, files or configurations on the affected device may be read or written, or arbitrary files may be executed with root privileges."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-489", "description": "Active debug code"}]}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2026-03-26T04:18:57.635Z"}}}, "cveMetadata": {"cveId": "CVE-2026-33201", "state": "PUBLISHED", "dateUpdated": "2026-03-26T13:55:23.959Z", "dateReserved": "2026-03-17T23:23:26.571Z", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "datePublished": "2026-03-26T04:18:57.635Z", "assignerShortName": "jpcert"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Digital Photo Frame GH-WDF10A provided by GREEN HOUSE CO., LTD. contains an active debug code vulnerability. If this vulnerability is exploited, files or configurations on the affected device may be read or written, or arbitrary files may be executed with root privileges."}], "id": "CVE-2026-33201", "lastModified": "2026-03-26T15:13:15.790", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "vultures@jpcert.or.jp", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "PHYSICAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "vultures@jpcert.or.jp", "type": "Secondary"}]}, "published": "2026-03-26T05:16:39.607", "references": [{"source": "vultures@jpcert.or.jp", "url": "https://jvn.jp/en/jp/JVN18035227/"}, {"source": "vultures@jpcert.or.jp", "url": "https://www.green-house.co.jp/note/info_gh-wdf10a/"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-489"}], "source": "vultures@jpcert.or.jp", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,*]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "Digital Photo Frame GH-WDF10A", "source": "cna", "vendor": "GREEN HOUSE CO., LTD."}, "product": "digital_photo_frame_gh-wdf10a", "vendor": "green_house"}], "analysis": {"en": {"generated_at": "2026-03-26T05:20:48.119091+00:00", "value": {"mitigation_remediation": ["Apply the latest firmware update released by Green House Co., LTD that removes the active debug code from the GH\u2011WDF10A.", "If a firmware update is not available, disable any debug mode or feature through the device\u2019s settings, if such an option exists.", "Perform a factory reset of the device to erase possibly compromised configurations.", "Configure network segregation or firewall rules to limit the device\u2019s exposure and monitor for suspicious activity."], "summary": {"action": "Immediate Patch", "impact": "Root Privilege Escalation"}, "threat_synthesis": {"affected_systems": "Green House Co., LTD\u2019s Digital Photo Frame GH\u2011WDF10A is affected. No specific firmware or version numbers are provided in the advisory, so all units of this product model require review.", "description_and_impact": "The GH-WDF10A Digital Photo Frame contains active debug code that, when exploited, permits an attacker to read or write files, access configuration data, and execute arbitrary files with root privileges. This level of access effectively gives the attacker full control over the device, enabling manipulation of media content, persistence of malicious code, or further exploitation of connected systems.", "risk_and_exploitability": "The vulnerability has a CVSS score of 7, indicating a high severity. The EPSS score is not available and the issue is not listed in the CISA KEV catalog, but the potential for root privilege escalation suggests a significant exploitation risk. The attack vector appears to be an exposed debug interface on the device; based on the description it is inferred that an attacker with access to this interface could trigger the exploit, though the exact conditions are not detailed in the CVE."}}}}, "created": "2026-03-26T11:30:33.577336+00:00", "title": "Debug Code Vulnerability Enabling Root Privileges on Green House Digital Photo Frame", "updated": "2026-03-26T12:08:33.769445+00:00", "vendors": ["green_house", "green_house$PRODUCT$digital_photo_frame_gh-wdf10a"]}