This vulnerability allows an adjacent attacker on the LAN to execute operating system (OS) commands on a vulnerable Zyxel WRE6505 v2 device by sending a crafted HTTP request. This can cause significant damage, including data theft, device compromise, and lateral movement. The vulnerability is caused by a command injection flaw in the CGI program.
** UNSUPPORTED WHEN ASSIGNED ** A command injection vulnerability in the CGI program of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow an adjacent attacker on the LAN to execute operating system (OS) commands on a vulnerable device by sending a crafted HTTP request.
Zyxel WRE6505 v2 devices reachable by adjacent attackers on the LAN are at high risk of arbitrary OS command execution, potentially leading to significant damage and device compromise.
Remediation Recommended
This vulnerability carries significant risk. Schedule patching in your next cycle.
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H