{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/wre6505-v2-firmware-version-v1.00abdv.3c0/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2026-7256"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["WRE6505 v2 firmware version V1.00(ABDV.3)C0"],"_cs_severities":["high"],"_cs_tags":["command injection","zyxel","cve-2026-7256","network device"],"_cs_type":"advisory","_cs_vendors":["Zyxel"],"content_html":"\u003cp\u003eCVE-2026-7256 describes a command injection vulnerability affecting Zyxel WRE6505 v2 devices running firmware version V1.00(ABDV.3)C0. This vulnerability allows an attacker with adjacent network access (i.e., on the same LAN) to execute arbitrary operating system commands on the affected device. The attack vector involves sending a specially crafted HTTP request to the device\u0026rsquo;s CGI program. While the CVE is marked as \u0026ldquo;UNSUPPORTED WHEN ASSIGNED,\u0026rdquo; the existence of the vulnerability presents a significant risk to organizations using the affected device, as successful exploitation could lead to complete compromise of the device and potentially the internal network.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker gains access to the local network (LAN) where the Zyxel WRE6505 v2 device is connected.\u003c/li\u003e\n\u003cli\u003eAttacker identifies the IP address of the vulnerable Zyxel WRE6505 v2 device.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious HTTP request containing shell metacharacters or commands in a CGI program parameter.\u003c/li\u003e\n\u003cli\u003eAttacker sends the crafted HTTP request to the vulnerable CGI program on the Zyxel device.\u003c/li\u003e\n\u003cli\u003eThe vulnerable CGI program fails to properly sanitize the input, allowing the attacker\u0026rsquo;s injected command to be executed.\u003c/li\u003e\n\u003cli\u003eThe Zyxel device executes the attacker-supplied OS command with the privileges of the web server process.\u003c/li\u003e\n\u003cli\u003eAttacker gains arbitrary code execution on the device.\u003c/li\u003e\n\u003cli\u003eAttacker can use the compromised device to pivot further into the network, potentially accessing sensitive data or disrupting network operations.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-7256 allows an attacker to execute arbitrary commands on the Zyxel WRE6505 v2 device. This could enable the attacker to reconfigure the device, steal sensitive information, or use the device as a pivot point to attack other systems on the local network. Given that this is a network device, successful exploitation could lead to a full compromise of the local network segment. The potential impact includes data breaches, service disruption, and further propagation of malicious activity within the network.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImplement network segmentation to limit the blast radius of a compromised device.\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for suspicious HTTP requests targeting Zyxel devices, using the detection rule \u003ccode\u003eDetect Zyxel WRE6505 Command Injection Attempt\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eConsider replacing the affected Zyxel WRE6505 v2 devices if a patch is not available, given the \u0026ldquo;UNSUPPORTED WHEN ASSIGNED\u0026rdquo; status.\u003c/li\u003e\n\u003cli\u003eRestrict access to the device\u0026rsquo;s management interface to authorized personnel only.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-12T04:18:11Z","date_published":"2026-05-12T04:18:11Z","id":"https://feed.craftedsignal.io/briefs/2026-05-zyxel-command-injection/","summary":"A command injection vulnerability (CVE-2026-7256) in Zyxel WRE6505 v2 firmware allows an adjacent attacker on the LAN to execute arbitrary OS commands by sending a crafted HTTP request.","title":"Zyxel WRE6505 v2 Command Injection Vulnerability (CVE-2026-7256)","url":"https://feed.craftedsignal.io/briefs/2026-05-zyxel-command-injection/"}],"language":"en","title":"CraftedSignal Threat Feed — WRE6505 V2 Firmware Version V1.00(ABDV.3)C0","version":"https://jsonfeed.org/version/1.1"}