Vulnerability Details CVE-2026-1459
A post-authentication command injection vulnerability in the TR-369 certificate download CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.7)C0 could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on an affected device.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 28.1%
CVSS Severity
CVSS v3 Score 7.2
Products affected by CVE-2026-1459
-
cpe:2.3:h:zyxel:dx5401-b1:-
-
cpe:2.3:h:zyxel:emg3525-t50b:-
-
cpe:2.3:h:zyxel:emg5523-t50b:-
-
cpe:2.3:h:zyxel:vmg3625-t50b:-
-
cpe:2.3:h:zyxel:vmg3625-t50c:-
-
cpe:2.3:h:zyxel:vmg8623-t50b:-
-
cpe:2.3:o:zyxel:dx5401-b1_firmware:5.17(abyo.5)c0
-
cpe:2.3:o:zyxel:dx5401-b1_firmware:5.17(abyo.6)c0
-
cpe:2.3:o:zyxel:dx5401-b1_firmware:5.17(abyo.6.2)c0
-
cpe:2.3:o:zyxel:dx5401-b1_firmware:5.17(abyo.6.4)c0
-
cpe:2.3:o:zyxel:dx5401-b1_firmware:5.17(abyo.7)b2
-
cpe:2.3:o:zyxel:dx5401-b1_firmware:5.17(abyo.7.1)c0
-
cpe:2.3:o:zyxel:emg3525-t50b_firmware:-
-
cpe:2.3:o:zyxel:emg3525-t50b_firmware:5.50(abpm.4)c0
-
cpe:2.3:o:zyxel:emg3525-t50b_firmware:5.50(abpm.6)c0
-
cpe:2.3:o:zyxel:emg3525-t50b_firmware:5.50(abpm.8)c0
-
cpe:2.3:o:zyxel:emg3525-t50b_firmware:5.50(abpm.9)c0
-
cpe:2.3:o:zyxel:emg3525-t50b_firmware:5.50(abpm.9.2)c0
-
cpe:2.3:o:zyxel:emg3525-t50b_firmware:5.50(abpm.9.3)c0
-
cpe:2.3:o:zyxel:emg3525-t50b_firmware:5.50(abpm.9.5)c0
-
cpe:2.3:o:zyxel:emg3525-t50b_firmware:5.50(abpm.9.7)c0
-
cpe:2.3:o:zyxel:emg5523-t50b_firmware:-
-
cpe:2.3:o:zyxel:emg5523-t50b_firmware:5.50(abpm.4)c0
-
cpe:2.3:o:zyxel:emg5523-t50b_firmware:5.50(abpm.6)c0
-
cpe:2.3:o:zyxel:emg5523-t50b_firmware:5.50(abpm.8)c0
-
cpe:2.3:o:zyxel:emg5523-t50b_firmware:5.50(abpm.9)c0
-
cpe:2.3:o:zyxel:emg5523-t50b_firmware:5.50(abpm.9.2)c0
-
cpe:2.3:o:zyxel:emg5523-t50b_firmware:5.50(abpm.9.3)c0
-
cpe:2.3:o:zyxel:emg5523-t50b_firmware:5.50(abpm.9.5)c0
-
cpe:2.3:o:zyxel:emg5523-t50b_firmware:5.50(abpm.9.7)c0
-
cpe:2.3:o:zyxel:vmg3625-t50b_firmware:-
-
cpe:2.3:o:zyxel:vmg3625-t50b_firmware:5.50(abpm.4)c0
-
cpe:2.3:o:zyxel:vmg3625-t50b_firmware:5.50(abpm.6)c0
-
cpe:2.3:o:zyxel:vmg3625-t50b_firmware:5.50(abpm.8)c0
-
cpe:2.3:o:zyxel:vmg3625-t50b_firmware:5.50(abpm.9)c0
-
cpe:2.3:o:zyxel:vmg3625-t50b_firmware:5.50(abpm.9.2)c0
-
cpe:2.3:o:zyxel:vmg3625-t50b_firmware:5.50(abpm.9.3)c0
-
cpe:2.3:o:zyxel:vmg3625-t50b_firmware:5.50(abpm.9.5)c0
-
cpe:2.3:o:zyxel:vmg3625-t50b_firmware:5.50(abpm.9.7)c0
-
cpe:2.3:o:zyxel:vmg3625-t50c_firmware:5.50(abpm.9.7)c0
-
cpe:2.3:o:zyxel:vmg8623-t50b_firmware:-
-
cpe:2.3:o:zyxel:vmg8623-t50b_firmware:5.50(abpm.4)c0
-
cpe:2.3:o:zyxel:vmg8623-t50b_firmware:5.50(abpm.6)c0
-
cpe:2.3:o:zyxel:vmg8623-t50b_firmware:5.50(abpm.8)c0
-
cpe:2.3:o:zyxel:vmg8623-t50b_firmware:5.50(abpm.9)c0
-
cpe:2.3:o:zyxel:vmg8623-t50b_firmware:5.50(abpm.9.2)c0
-
cpe:2.3:o:zyxel:vmg8623-t50b_firmware:5.50(abpm.9.3)c0
-
cpe:2.3:o:zyxel:vmg8623-t50b_firmware:5.50(abpm.9.5)c0
-
cpe:2.3:o:zyxel:vmg8623-t50b_firmware:5.50(abpm.9.7)c0