CVE-2026-1459
published 2026-02-24CVE-2026-1459: A post-authentication command injection vulnerability in the TR-369 certificate download CGI program of the Zyxel VMG3625-T50B firmware versions through…
high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
A post-authentication command injection vulnerability in the TR-369 certificate download CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.7)C0 could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on an affected device.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| zyxel | dx5401-b1_firmware | <= 5.17\(abyo.7.1\)c0 | — |
| zyxel | emg3525-t50b_firmware | <= 5.50\(abpm.9.7\)c0 | — |
| zyxel | emg5523-t50b_firmware | <= 5.50\(abpm.9.7\)c0 | — |
| zyxel | vmg3625-t50b_firmware | <= 5.50\(abpm.9.7\)c0 | — |
| zyxel | vmg3625-t50c_firmware | <= 5.50\(abpm.9.7\)c0 | — |
| zyxel | vmg8623-t50b_firmware | <= 5.50\(abpm.9.7\)c0 | — |