CVE-2026-1459 Zyxel — Exploit & Vulnerability Details HIGH

CVE-2026-1459

HIGH CVSS 3.1: 7.2 EPSS 0.03%

Parameter	Value
CVSS	7.2 (HIGH)
Type	CWE-78 (OS Command Injection)
Vendor	Zyxel
Public PoC	No

A post-authentication command injection vulnerability in the TR-369 certificate download CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.7)C0 could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on an affected device.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

Low

Easy to exploit

Privileges Required

High

Admin privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

High

Complete data leak

Integrity

High

Complete data modification

Availability

High

Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-78 OS Command Injection

References 1

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advi…

security@zyxel.com.tw

Share Post Share Share Share

Related Vulnerabilities

CVE-2025-13943

Zyxel

8.8

CVE-2025-13942

Zyxel

9.8

CVE-2025-11848

Zyxel

4.9

CVE-2025-11847

Zyxel

4.9

CVE-2025-11846

Zyxel

4.9

Menu

CVE-2026-1459

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2025-13943

CVE-2025-13942

CVE-2025-11848

CVE-2025-11847

CVE-2025-11846

CVE Details

Editor's Choice

Menu

CVE-2026-1459

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2025-13943

CVE-2025-13942

CVE-2025-11848

CVE-2025-11847

CVE-2025-11846

CVE Details

Editor's Choice

Stay informed on cybersecurity