Description
A post-authentication command injection vulnerability in the TR-369 certificate download CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.7)C0 could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on an affected device.
Published: 2026-02-24
Score: 7.2 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote code execution via command injection
Action: Immediate Patch
AI Analysis

Impact

The vulnerability allows an attacker who has successfully authenticated with administrative privileges on the Zyxel VMG3625‑T50B device to execute arbitrary operating system commands. Because the flaw is a classic OS command injection, the attacker could modify, delete, or exfiltrate system files, install backdoors, or otherwise take full control of the device. The weakness falls under CWE‑78 and carries a CVSS score of 7.2, indicating a high severity level that can compromise the confidentiality, integrity, and availability of the network device and any services dependent on it.

Affected Systems

Zyxel routers including the VMG3625‑T50B firmware versions up to 5.50(ABPM.9.7)C0. The issue is tied to the TR‑369 certificate download CGI program and affects devices that are running the aforementioned firmware without applied vendor updates.

Risk and Exploitability

The vulnerability is exploitable only after the attacker has obtained valid administrator credentials, which implies a post‑authentication attack vector. The EPSS score of less than 1% indicates a very low but non‑zero probability of exploitation in the wild, and the vulnerability is not currently listed in the CISA KEV catalog. Nevertheless, because an attacker can achieve complete control over the device, the risk remains significant. The primary conditions for exploitation are network access to the device and possession of administrative authentication. No additional prerequisites such as privilege escalation or local physical access are required once the credentials are in hand.

Generated by OpenCVE AI on April 18, 2026 at 10:57 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the device firmware to the latest Zyxel release that resolves the command injection vulnerability.
  • Disable or restrict the TR‑369 certificate download CGI endpoint via the router’s configuration or firewall rules if a patch is unavailable.
  • Limit administrative access to trusted management networks and apply network segmentation to reduce the chance of credential compromise.
  • Monitor device logs for anomalous command executions and implement intrusion detection rules targeting suspicious CGI inputs.

Generated by OpenCVE AI on April 18, 2026 at 10:57 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 18 Apr 2026 11:15:00 +0000

Type Values Removed Values Added
Title Post-Authentication Command Injection in Zyxel VMG3625‑T50B Firmware

Wed, 25 Feb 2026 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Zyxel dx5401-b1
Zyxel dx5401-b1 Firmware
Zyxel emg3525-t50b
Zyxel emg3525-t50b Firmware
Zyxel emg5523-t50b
Zyxel emg5523-t50b Firmware
Zyxel vmg3625-t50b
Zyxel vmg3625-t50c
Zyxel vmg3625-t50c Firmware
Zyxel vmg8623-t50b
Zyxel vmg8623-t50b Firmware
CPEs cpe:2.3:h:zyxel:dx5401-b1:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:emg3525-t50b:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:emg5523-t50b:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:vmg3625-t50b:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:vmg3625-t50c:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:vmg8623-t50b:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:dx5401-b1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:emg3525-t50b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:emg5523-t50b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:vmg3625-t50b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:vmg3625-t50c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:vmg8623-t50b_firmware:*:*:*:*:*:*:*:*
Vendors & Products Zyxel dx5401-b1
Zyxel dx5401-b1 Firmware
Zyxel emg3525-t50b
Zyxel emg3525-t50b Firmware
Zyxel emg5523-t50b
Zyxel emg5523-t50b Firmware
Zyxel vmg3625-t50b
Zyxel vmg3625-t50c
Zyxel vmg3625-t50c Firmware
Zyxel vmg8623-t50b
Zyxel vmg8623-t50b Firmware

Tue, 24 Feb 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 24 Feb 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Zyxel
Zyxel vmg3625-t50b Firmware
Vendors & Products Zyxel
Zyxel vmg3625-t50b Firmware

Tue, 24 Feb 2026 03:00:00 +0000

Type Values Removed Values Added
Description A post-authentication command injection vulnerability in the TR-369 certificate download CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.7)C0 could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on an affected device.
Weaknesses CWE-78
References
Metrics cvssV3_1

{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Zyxel Dx5401-b1 Dx5401-b1 Firmware Emg3525-t50b Emg3525-t50b Firmware Emg5523-t50b Emg5523-t50b Firmware Vmg3625-t50b Vmg3625-t50b Firmware Vmg3625-t50c Vmg3625-t50c Firmware Vmg8623-t50b Vmg8623-t50b Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: Zyxel

Published:

Updated: 2026-02-26T14:44:10.011Z

Reserved: 2026-01-27T01:26:24.186Z

Link: CVE-2026-1459

cve-icon Vulnrichment

Updated: 2026-02-24T19:18:43.312Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-24T03:16:00.587

Modified: 2026-02-25T18:05:40.307

Link: CVE-2026-1459

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T11:00:05Z

Weaknesses