HIGH🇬🇧 English

CVE-2026-7256

CVSS 8.8v3.1pub. 2026-05-12upd. 2026-05-16

** UNSUPPORTED WHEN ASSIGNED ** A command injection vulnerability in the CGI program of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow an adjacent attacker on the LAN to execute operating system (OS) commands on a vulnerable device by sending a crafted HTTP request.

oryginał EN
CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Zyxel Wre6505

    HW
    Zyxel
    v2
  • Zyxel Wre6505 Firmware

    OS
    Zyxel
    v1.00\(abdv.3\)c0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Command Injection
CWE
Referencje

Powiązane podatności

CVE-2017-7964CRITICAL10.0ten sam produkt

Zyxel WRE6505 devices have a default TELNET password of 1234 for the root and admin accounts, which makes it e...

CVE-2026-7255MEDIUM6.5ten sam produkt

** UNSUPPORTED WHEN ASSIGNED ** An improper restriction of excessive authentication attempts vulnerability in ...

CVE-2026-7257MEDIUM4.4ten sam produkt

** UNSUPPORTED WHEN ASSIGNED ** An insecure storage of sensitive information vulnerability in the configuratio...

CVE-2023-27992CRITICAL9.8⚠ KEVten sam vendor

The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AA...

CVE-2023-33009CRITICAL9.8⚠ KEVten sam vendor

A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 throug...