Vulnerability Description
A post-authentication command injection vulnerability in the TR-369 certificate download CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.7)C0 could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on an affected device.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zyxel | Vmg8623-T50B Firmware | <= 5.50\(abpm.9.7\)c0 |
| Zyxel | Vmg8623-T50B | - |
| Zyxel | Dx5401-B1 Firmware | <= 5.17\(abyo.7.1\)c0 |
| Zyxel | Dx5401-B1 | - |
| Zyxel | Emg3525-T50B Firmware | <= 5.50\(abpm.9.7\)c0 |
| Zyxel | Emg3525-T50B | - |
| Zyxel | Emg5523-T50B Firmware | <= 5.50\(abpm.9.7\)c0 |
| Zyxel | Emg5523-T50B | - |
| Zyxel | Vmg3625-T50B Firmware | <= 5.50\(abpm.9.7\)c0 |
| Zyxel | Vmg3625-T50B | - |
| Zyxel | Vmg3625-T50C Firmware | <= 5.50\(abpm.9.7\)c0 |
| Zyxel | Vmg3625-T50C | - |
Related Weaknesses (CWE)
References
FAQ
What is CVE-2026-1459?
CVE-2026-1459 is a vulnerability with a CVSS score of 7.2 (HIGH). A post-authentication command injection vulnerability in the TR-369 certificate download CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.7)C0 could allow an authenticated a...
How severe is CVE-2026-1459?
CVE-2026-1459 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-1459?
Check the references section above for vendor advisories and patch information. Affected products include: Zyxel Vmg8623-T50B Firmware, Zyxel Vmg8623-T50B, Zyxel Dx5401-B1 Firmware, Zyxel Dx5401-B1, Zyxel Emg3525-T50B Firmware.