CVE-2026-7273

🗓️ 16 Jun 2026 02:20:29Reported by ZyxelType

CVE-2026-7273: Stack overflow in Zyxel GS1900-48HPv2 CGI allows local area network unauthenticated attackers to run OS commands via web requests.

Reporter	Title	Published	Views	Family All 5
Circl	CVE-2026-7273	16 Jun 202603:57	–	circl
Cvelist	CVE-2026-7273	16 Jun 202602:20	–	cvelist
EUVD	EUVD-2026-37030	16 Jun 202602:20	–	euvd
NVD	CVE-2026-7273	16 Jun 202603:16	–	nvd
Positive Technologies	PT-2026-49603	16 Jun 202600:00	–	ptsecurity

[
  {
    "vendor": "Zyxel",
    "product": "GS1900-48HPv2 firmware",
    "versions": [
      {
        "status": "affected",
        "version": "<= 2.90(ABTQ.1)C0"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Zyxel",
    "product": "GS1900-8 firmware",
    "versions": [
      {
        "status": "affected",
        "version": "<= 2.90(AAHH.1)C0"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Zyxel",
    "product": "GS1900-8HP firmware",
    "versions": [
      {
        "status": "affected",
        "version": "<= 2.90(AAHI.1)C0"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Zyxel",
    "product": "GS1900-10HP firmware",
    "versions": [
      {
        "status": "affected",
        "version": "<= 2.90(AAZI.1)C0"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Zyxel",
    "product": "GS1900-16 firmware",
    "versions": [
      {
        "status": "affected",
        "version": "<= 2.90(AAHJ.1)C0"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Zyxel",
    "product": "GS1900-24 firmware",
    "versions": [
      {
        "status": "affected",
        "version": "<= 2.90(AAHL.1)C0"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Zyxel",
    "product": "GS1900-24E firmware",
    "versions": [
      {
        "status": "affected",
        "version": "<= 2.90(AAHK.1)C0"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Zyxel",
    "product": "GS1900-24EP firmware",
    "versions": [
      {
        "status": "affected",
        "version": "<= 2.90(ABTO.1)C0"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Zyxel",
    "product": "GS1900-24HPv2 firmware",
    "versions": [
      {
        "status": "affected",
        "version": "<= 2.90(ABTP.1)C0"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Zyxel",
    "product": "GS1900-48 firmware",
    "versions": [
      {
        "status": "affected",
        "version": "<= 2.90(AAHN.1)C0"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
zyxel	www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-stack-based-buffer-overflow-vulnerability-in-gs1900-series-switches-06-16-2026

16 Jun 2026 03:16Current

6Medium risk

Vulners AI Score6

CVSS 3.18.8

CWE-121