CVE-2026-7256 - Vulnerability Analysis
HighCVSS: 8.8Last Updated: May 12, 2026
Zyxel WRE6505 - Command Injection
Overview
Zyxel WRE6505 v2 firmware V1.00(ABDV.3)C0 contains a command injection caused by improper input handling in the CGI program, letting adjacent LAN attackers execute OS commands remotely, exploit requires LAN access.
Severity & Score
Impact
Adjacent LAN attackers can execute arbitrary OS commands, potentially taking full control of the device.
Mitigation
Update to the latest firmware version provided by Zyxel.
Social Media Activity(2 posts)
š CVE-2026-7256 - High (8.8) ** UNSUPPORTED WHEN ASSIGNED ** A command injection vulnerability in the CGI program of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow an adjacent attacker on the LAN to execute operating system (OS) commands on a vulnerable device ... š https://www.thehackerwire.com/vulnerability/CVE-2026-7256/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original post
š CVE-2026-7256 - High (8.8) ** UNSUPPORTED WHEN ASSIGNED ** A command injection vulnerability in the CGI program of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow an adjacent attacker on the LAN to execute operating system (OS) commands on a vulnerable device ... š https://www.thehackerwire.com/vulnerability/CVE-2026-7256/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-7256
- Severity
- High
- CVSS Score
- 8.8
- Type
- command_injection
- Status
- unconfirmed
- EPSS
- 83.2%
- Social Posts
- 2
CWE
- CWE-78
CVSS Metrics
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H