Refine your search
1 vulnerability found for Central Office Services - Content Hosting Component by Data Recognition Corporation
CVE-2026-5756 (GCVE-0-2026-5756)
Vulnerability from cvelistv5
Published
2026-04-14 17:51
Modified
2026-04-16 12:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Unauthenticated Configuration File Modification Vulnerability in DRC Central Office Services (COS) allows an attacker to modify the server's configuration file, potentially leading to mass data exfiltration, malicious traffic interception, or disruption of testing services.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Data Recognition Corporation | Central Office Services - Content Hosting Component |
Version: 975 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-5756",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-16T11:55:49.509703Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-16T12:05:46.105Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Central Office Services - Content Hosting Component",
"vendor": "Data Recognition Corporation",
"versions": [
{
"status": "affected",
"version": "975"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated Configuration File Modification Vulnerability in DRC Central Office Services (COS) allows an attacker to modify the server\u0027s configuration file, potentially leading to mass data exfiltration, malicious traffic interception, or disruption of testing services."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en"
}
]
},
{
"descriptions": [
{
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en"
}
]
},
{
"descriptions": [
{
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T17:51:53.628Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://www.datarecognitioncorp.com/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthenticated Configuration File Modification Vulnerability in DRC Central Office Services (COS)",
"x_generator": {
"engine": "VINCE 3.0.35",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-5756"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-5756",
"datePublished": "2026-04-14T17:51:53.628Z",
"dateReserved": "2026-04-07T16:42:45.597Z",
"dateUpdated": "2026-04-16T12:05:46.105Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}