Primary

Context

Zyxel WRE6505 V2 Command Injection Vulnerability Allowing OS Command Execution

Vulnerability

A command injection vulnerability has been identified in the CGI program of the Zyxel WRE6505 V2 firmware version V1.00(ABDV.3)C0. This vulnerability could allow an adjacent attacker on the LAN to execute operating system commands on the affected device by sending a crafted HTTP request.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of operating system commands on the affected device.

Remediation

Users can update to the latest firmware version V1.00(ABDV.3)C0 to address this vulnerability.

Added: May 12, 2026, 4:18 AM

Updated: May 12, 2026, 4:18 AM

Vulnerability Rating

Custom Algorithm

spread

4.2

impact

7.5

exploitability

4.7

remediation

0.0

relevance

8.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.2

impact

7.5

exploitability

4.7

remediation

0.0

relevance

8.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Zyxel WRE6505 V2 Command Injection Vulnerability Allowing OS Command Execution

Vulnerability

Impact

Remediation

Affected Products

Zyxel WRE6505 v2

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating