CVE-2026-7256
HIGH WAF: High
CVSS 8.8
Published: 2026-05-12
CWE-78
** UNSUPPORTED WHEN ASSIGNED ** A command injection vulnerability in the CGI program of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow an adjacent attacker on the LAN to execute operating system (OS) commands on a vulnerable device by sending a crafted HTTP request.
WAF Coverage Analysis
OS Command Injection
High WAF Coverage
OWASP: A03:2021 Injection
932xxx - Remote Code Execution
Affected Software
| Vendor | Product | Version |
|---|---|---|
| zyxel | wre6505_firmware | v1.00\(abdv.3\)c0 |
References
- www.zyxel.com (Product)