CVE-2026-41446: CWE-912 Hidden Functionality in Snap One, LLC WattBox 800
Snap One WattBox 800 and 820 series firmware versions prior to 2.10.0.0 contain undisclosed diagnostic HTTP endpoints that require only the device MAC address and service tag for authentication, both of which are printed in plaintext on the physical device label. Attackers with access to the device label or documentation containing these values can authenticate to the several endpoints and execute arbitrary commands as root on the device.
AI Analysis
Technical Summary
CVE-2026-41446 describes a critical vulnerability in Snap One WattBox 800 and 820 series devices running firmware versions before 2.10.0.0. The devices contain undisclosed diagnostic HTTP endpoints that require only the device MAC address and service tag for authentication. Since both values are printed in plaintext on the physical device label, an attacker with access to the label or documentation can authenticate to these endpoints and execute arbitrary commands with root privileges. This represents a hidden functionality issue categorized under CWE-912. No official patch or remediation level has been provided as of the publication date.
Potential Impact
An attacker who obtains the MAC address and service tag from the device label can gain root-level command execution on the affected WattBox devices. This could lead to full device compromise, unauthorized control, and potential disruption of device functionality. The vulnerability has a critical severity with a CVSS 4.0 score of 9.2, indicating high impact and ease of exploitation given network access and physical or documented access to the device identifiers.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, restrict physical access to the device labels and any documentation containing the MAC address and service tag. Limit network access to the device's HTTP management interfaces to trusted administrators only. Monitor vendor communications for updates on patches or official mitigations.
CVE-2026-41446: CWE-912 Hidden Functionality in Snap One, LLC WattBox 800
Description
Snap One WattBox 800 and 820 series firmware versions prior to 2.10.0.0 contain undisclosed diagnostic HTTP endpoints that require only the device MAC address and service tag for authentication, both of which are printed in plaintext on the physical device label. Attackers with access to the device label or documentation containing these values can authenticate to the several endpoints and execute arbitrary commands as root on the device.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-41446 describes a critical vulnerability in Snap One WattBox 800 and 820 series devices running firmware versions before 2.10.0.0. The devices contain undisclosed diagnostic HTTP endpoints that require only the device MAC address and service tag for authentication. Since both values are printed in plaintext on the physical device label, an attacker with access to the label or documentation can authenticate to these endpoints and execute arbitrary commands with root privileges. This represents a hidden functionality issue categorized under CWE-912. No official patch or remediation level has been provided as of the publication date.
Potential Impact
An attacker who obtains the MAC address and service tag from the device label can gain root-level command execution on the affected WattBox devices. This could lead to full device compromise, unauthorized control, and potential disruption of device functionality. The vulnerability has a critical severity with a CVSS 4.0 score of 9.2, indicating high impact and ease of exploitation given network access and physical or documented access to the device identifiers.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, restrict physical access to the device labels and any documentation containing the MAC address and service tag. Limit network access to the device's HTTP management interfaces to trusted administrators only. Monitor vendor communications for updates on patches or official mitigations.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulnCheck
- Date Reserved
- 2026-04-20T16:07:47.308Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69f1649ccbff5d861047eb94
Added to database: 4/29/2026, 1:53:32 AM
Last enriched: 4/29/2026, 1:59:33 AM
Last updated: 4/29/2026, 6:46:07 AM
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.