CVE-2026-7256
Zyxel · WRE6505 v2
A command injection vulnerability exists in the CGI program of the Zyxel WRE6505 v2, allowing unauthenticated attackers to execute arbitrary OS commands.
Executive summary
A critical command injection vulnerability in the Zyxel WRE6505 v2 firmware enables remote code execution, posing a severe risk to network security.
Vulnerability
This is an OS command injection vulnerability (CWE-78) located within the device's CGI program. It allows an unauthenticated, adjacent network attacker to inject and execute arbitrary commands with high-level privileges.
Business impact
With a CVSS score of 8.8 (High), this vulnerability represents a significant risk to organizational networks. Successful exploitation allows for full control over the affected hardware, which can be leveraged to pivot into the internal network, intercept traffic, or cause permanent denial of service.
Remediation
Immediate Action: As this product is identified as unsupported, the primary remediation is to decommission the affected hardware and replace it with a currently supported model.
Proactive Monitoring: Monitor network traffic for suspicious activity originating from the WRE6505 v2 device and restrict access to the device management interface to trusted administrative segments only.
Compensating Controls: Place the device behind a robust firewall or VLAN to isolate it from the internal network and block unauthorized access to its management services.
Exploitation status
Public Exploit Available: Unknown.
Analyst recommendation
Due to the device being unsupported and the high severity of the command injection flaw, immediate replacement is the only effective way to eliminate this risk. Relying on legacy hardware that no longer receives security updates creates a permanent, unpatchable entry point for attackers.