PatchSiren cyber security CVE debrief
CVE-2026-7273 Zyxel CVE debrief
CVE-2026-7273 is a stack-based buffer overflow vulnerability in the CGI program of Zyxel GS1900-48HPv2 firmware versions through 2.90(ABTQ.1)C0. This vulnerability could allow a LAN-based, unauthenticated attacker to exploit the flaw and potentially execute OS commands via a crafted HTTP request. The vulnerability has a CVSS score of 8.8 and is classified as HIGH severity.
- Vendor
- Zyxel
- Product
- GS1900-48HPv2 firmware
- CVSS
- HIGH 8.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-16
- Original CVE updated
- 2026-06-18
- Advisory published
- 2026-06-16
- Advisory updated
- 2026-06-18
Who should care
Administrators and users of Zyxel GS1900-48HPv2 switches, especially those with firmware versions through 2.90(ABTQ.1)C0, should be aware of this vulnerability and take necessary actions to mitigate the risk.
Technical summary
The vulnerability is caused by a stack-based buffer overflow in the CGI program of the affected device. This could allow an attacker to execute OS commands via a crafted HTTP request.
Defensive priority
HIGH
Recommended defensive actions
- Apply the patch or update to a fixed firmware version as recommended by the vendor.
- Restrict access to the affected device to only trusted networks and users.
- Monitor the device for suspicious activity.
Evidence notes
The CVE record and NVD detail pages provide evidence of this vulnerability.
Official resources
-
CVE-2026-7273 CVE record
CVE.org
-
CVE-2026-7273 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
CVE-2026-7273 was published on 2026-06-16T03:16:13.557Z and has not been modified since then.