Description
WatchYourLAN Configuration Page Argument Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of WatchYourLAN. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the handling of the arpstrs parameter. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-26708.
Published: 2026-01-23
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

WatchYourLAN Configuration Page Argument Injection Remote Code Execution Vulnerability. The flaw resides in the handling of the arpstrs parameter, where a user-supplied string is passed to a system call without validation. This allows an attacker to run arbitrary code in the context of the service account. Because no authentication is required, any host on the same network segment can exploit the service directly. The weakness corresponds to CWE-88.

Affected Systems

The affected product is WatchYourLAN by WatchYourLAN. The reported vulnerability applies to all installations of the WatchYourLAN service; the CNA did not list specific version restrictions.

Risk and Exploitability

The CVSS base score of 8.8 signals high severity, while the EPSS score below 1% indicates a low exploitation probability at the time of analysis. The vulnerability is not on the KEV list, yet its unauthenticated remote code execution capability presents a serious risk for hosts on the same LAN. Attackers can trigger the flaw by sending crafted HTTP requests that include a malicious arpstrs argument while connected to the affected network, exploiting the lack of input validation and the absence of authentication.

Generated by OpenCVE AI on April 18, 2026 at 03:15 UTC.
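As an added illustration (not code from the advisory, from OpenCVE, or from WatchYourLAN itself), the following Go sketch shows the CWE-88 defence the advisory's remediation implies: extra scanner arguments supplied by a user, such as an arpstrs string, are checked token by token against an allowlist before they are placed in argv, and the binary is invoked without a shell. The option names, the `arp-scan` binary name, the interface-name handling and all function names are assumptions constructed for this example.

```go
package main

import (
	"fmt"
	"os/exec"
	"regexp"
	"strings"
)

// Allowlisted option names an operator may pass to the scanner. Constructed for
// this example; it is not WatchYourLAN's real option set.
var allowedFlags = map[string]bool{"--retry": true, "--interval": true, "--timeout": true}

// Values and interface names must match a tight pattern; bad input is rejected,
// never "cleaned", so no token can ever be reinterpreted as an extra option.
var numericValue = regexp.MustCompile(`^[0-9]{1,6}$`)
var ifaceName = regexp.MustCompile(`^[A-Za-z0-9][A-Za-z0-9._-]{0,14}$`)

// ValidateArpStrs accepts only allowlisted "--flag=number" tokens. The CWE-88
// pattern it replaces is strings.Fields(arpstrs) spliced straight into argv,
// which lets a crafted string add any option the scanner binary understands.
func ValidateArpStrs(arpstrs string) ([]string, error) {
	var args []string
	for _, tok := range strings.Fields(arpstrs) {
		flag, val, ok := strings.Cut(tok, "=")
		if !ok || !allowedFlags[flag] || !numericValue.MatchString(val) {
			return nil, fmt.Errorf("arpstrs: rejected token %q", tok)
		}
		args = append(args, tok)
	}
	return args, nil
}

// BuildScanCommand builds the scanner invocation without a shell, from a
// validated interface name and validated extra arguments.
func BuildScanCommand(iface, arpstrs string) (*exec.Cmd, error) {
	if !ifaceName.MatchString(iface) {
		return nil, fmt.Errorf("invalid interface name %q", iface)
	}
	extra, err := ValidateArpStrs(arpstrs)
	if err != nil {
		return nil, err
	}
	return exec.Command("arp-scan", append([]string{"-I", iface}, extra...)...), nil
}

func main() {
	cmd, err := BuildScanCommand("eth0", "--retry=3 --timeout=500")
	fmt.Println(cmd.Args, err)
}
```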

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the WatchYourLAN service to the latest official release that addresses argument validation for the arpstrs parameter.
  • Restrict LAN access to the WatchYourLAN configuration port by applying firewall rules or isolation to a dedicated VLAN.
  • Stop or disable the WatchYourLAN service on systems that are no longer required, or move it to a dedicated management network.

Generated by OpenCVE AI on April 18, 2026 at 03:15 UTC.

Advisories

No advisories yet.

History

Fri, 23 Jan 2026 17:15:00 +0000

Type: Metrics
Values Removed: none
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 23 Jan 2026 16:45:00 +0000

Type: First Time appeared
Values Removed: none
Values Added: Watchyourlan; Watchyourlan watchyourlan
Type: Vendors & Products
Values Removed: none
Values Added: Watchyourlan; Watchyourlan watchyourlan

Fri, 23 Jan 2026 04:00:00 +0000

Type: Description
Values Removed: none
Values Added: WatchYourLAN Configuration Page Argument Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of WatchYourLAN. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the arpstrs parameter. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-26708.
Type: Title
Values Removed: none
Values Added: WatchYourLAN Configuration Page Argument Injection Remote Code Execution Vulnerability
Type: Weaknesses
Values Removed: none
Values Added: CWE-88
Type: References
Values Removed: none
Values Added: (none listed)
Type: Metrics
Values Removed: none
Values Added: cvssV3_0 {'score': 8.8, 'vector': 'CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: zdi

Published:

Updated: 2026-01-23T16:21:59.875Z

Reserved: 2026-01-08T22:50:40.949Z

Link: CVE-2026-0774

Vulnrichment

Updated: 2026-01-23T16:21:54.596Z

NVD

Status : Deferred

Published: 2026-01-23T04:16:04.650

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-0774

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T03:15:35Z

Weaknesses