OS Command Injection in ZyXEL Communications Corp. products - CVE-2026-1460
Published: April 28, 2026
Vulnerability identifier: #VU128270
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-1460
CWE-ID: CWE-78
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: ZyXEL Communications Corp.
Affected software:
Nebula FWA70
Nebula FWA505
Nebula FWA510
Nebula FWA515
Nebula FWA710
Nebula LTE3301-PLUS
Nebula LTE7461-M602
Nebula NR5101
DX3300-T0
DX3300-T1
DX3301-T0
DX5401-B1
EE3301-00
EE5301-00
EE6510-10
EX2210-T0
EX3300-T0
EX3300-T1
EX3301-T0
EX3500-T0
EX3501-T0
EX3600-T0
EX5401-B1
EX5512-T0
EX5601-T0
EX5601-T1
EX7501-B0
EX7710-B0
GM4100-B0
VMG4005-B50A
VMG4005-B60A
AM7510-00
AX7501-B1
PE3301-00
PE5301-01
PX5301-T0
PX5302-00
WE3300-00
WE4600-00
WX5600-T0
Nebula NR7101
EMG3525-T50B
EMG5523-T50B
VMG3625-T50B
VMG8623-T50B
Nebula FWA70
Nebula FWA505
Nebula FWA510
Nebula FWA515
Nebula FWA710
Nebula LTE3301-PLUS
Nebula LTE7461-M602
Nebula NR5101
DX3300-T0
DX3300-T1
DX3301-T0
DX5401-B1
EE3301-00
EE5301-00
EE6510-10
EX2210-T0
EX3300-T0
EX3300-T1
EX3301-T0
EX3500-T0
EX3501-T0
EX3600-T0
EX5401-B1
EX5512-T0
EX5601-T0
EX5601-T1
EX7501-B0
EX7710-B0
GM4100-B0
VMG4005-B50A
VMG4005-B60A
AM7510-00
AX7501-B1
PE3301-00
PE5301-01
PX5301-T0
PX5302-00
WE3300-00
WE4600-00
WX5600-T0
Nebula NR7101
EMG3525-T50B
EMG5523-T50B
VMG3625-T50B
VMG8623-T50B
Detailed vulnerability description
The vulnerability allows a remote user to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the "DomainName" parameter of the DHCP configuration file. A remote administrator can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
How to mitigate CVE-2026-1460
Install updates from vendor's website.