Is Command Injection affected by CVE-2026-1459?

A vulnerability in Zyxel VMG3625-T50B devices allows authenticated administrators to execute unauthorized commands, potentially compromising network infrastructure and sensitive data.

CVE-2026-1459

HIGH

2026-02-24 [email protected]

7.2

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

CVE Published

Feb 24, 2026 - 03:16 nvd

HIGH 7.2

Description

A post-authentication command injection vulnerability in the TR-369 certificate download CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.7)C0 could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on an affected device.

Analysis

Zyxel VMG3625-T50B, DX5401 B1, and EMG5523 T50B devices with firmware through version 5.50(ABPM.9.7)C0 contain a post-authentication command injection vulnerability in the TR-369 certificate download function that allows authenticated administrators to execute arbitrary operating system commands. An attacker with admin credentials could leverage this to gain complete control over the affected device. …

Remediation

Within 24 hours: Inventory all VMG3625-T50B devices in production and restrict administrator access to trusted personnel only. Within 7 days: Implement network segmentation to isolate affected devices and disable the TR-369 certificate download feature if not operationally required. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +36

POC: 0

CVE-2026-1459 vulnerability details – vuln.today

Back

CVE-2026-1459

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

CVE-2026-1459

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code