Snap One WattBox 800 and 820 Series Undisclosed Diagnostic HTTP Endpoint Vulnerability Allowing Root Command Execution

Vulnerability

A vulnerability exists in Snap One WattBox 800 and 820 series firmware versions prior to 2.10.0.0. It involves undisclosed diagnostic HTTP endpoints that authenticate using the device MAC address and service tag, both of which are visible on the physical device label. Attackers with access to these values can authenticate to the endpoints and execute arbitrary commands as root on the device.

Impact

Exploitation of this vulnerability allows authenticated users to execute arbitrary commands as root on the affected WattBox device.

Remediation

Users can update to Snap One WattBox firmware version 2.10.0.0 or later to address this vulnerability.
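
To find devices that still need this update, the check below triages an asset inventory against the fixed version. It is an added example, not Snap One code; the CSV column names and device rows are constructed, and only the series numbers and the 2.10.0.0 threshold come from this advisory.

```python
import csv
import io

FIXED = (2, 10, 0, 0)             # first fixed firmware, from the advisory
AFFECTED_SERIES = {"800", "820"}  # affected series, from the advisory

# Constructed sample inventory; column names and device rows are assumptions.
SAMPLE_INVENTORY = """name,series,firmware
rack-a-pdu,800,2.9.0.0
rack-b-pdu,820,2.10.0.0
lobby-pdu,800,2.10.1.3
lab-pdu,820,1.4
closet-pdu,800,unknown
office-pdu,700,1.0.0.0
"""

def parse_version(text):
    """Return the version as a 4-tuple of ints, or None if it is not dotted-numeric."""
    parts = text.strip().split(".")
    if len(parts) > 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (4 - len(nums)))  # pad short versions: 1.4 -> 1.4.0.0

def classify(series, firmware):
    """Return 'out-of-scope', 'vulnerable', 'fixed' or 'review' for one device."""
    if series.strip() not in AFFECTED_SERIES:
        return "out-of-scope"     # series not covered by this advisory
    version = parse_version(firmware)
    if version is None:
        return "review"           # unparseable version: check the device by hand
    # Compare numerically: as strings, "2.9.0.0" sorts after "2.10.0.0".
    return "vulnerable" if version < FIXED else "fixed"

def triage(inventory_csv):
    """Map each device name in the CSV text to its classification."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["name"]: classify(r["series"], r["firmware"]) for r in rows}

if __name__ == "__main__":
    for name, status in triage(SAMPLE_INVENTORY).items():
        print(f"{name:12} {status}")
```

Devices reported as "review" have a firmware string the inventory could not express numerically and should be checked on the device itself.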

Added: Apr 28, 2026, 10:30 PM
Updated: Apr 28, 2026, 10:30 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 6.2
remediation: 0.0
relevance: 6.8
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.