A vulnerability labeled as critical has been found in AMTT Hotel Broadband Operation System 1.0. Impacted is an unknown function of the file manager/network/switch_status.php. Executing a manipulation of the argument ID can lead to sql injection.
This vulnerability is registered as CVE-2026-15494. It is possible to launch the attack remotely. Furthermore, an exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.