CVE-2026-2000
Remote Command Injection in DCN DCME-320 Web Management Backend
Publication date: 2026-02-06
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dcnetworks | dcme-320_firmware | to 20260121 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': "CVE-2026-2000 is a command injection vulnerability found in the DCN DCME-320 device's Web Management Backend, specifically in the function apply_config within the file /function/system/basic/bridge_cfg.php."}, {'type': 'paragraph', 'content': 'The vulnerability occurs because the argument ip_list is improperly handled, allowing an attacker to manipulate it to inject and execute arbitrary commands remotely.'}, {'type': 'paragraph', 'content': 'This means an attacker can execute code on the device remotely by exploiting this flaw, potentially gaining control over the device.'}] [1, 3]
How can this vulnerability impact me? :
Exploitation of this vulnerability can compromise the confidentiality, integrity, and availability of the affected system.
An attacker can execute arbitrary commands remotely, which may lead to unauthorized control over the device.
This could result in disruption of services, data breaches, or further attacks launched from the compromised device.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by identifying if the vulnerable web management backend is accessible and if the specific vulnerable file is present. Vulnerable targets can be identified using Google dorking with the query: inurl:function/system/basic/bridge_cfg.php.'}, {'type': 'paragraph', 'content': 'Since the vulnerability involves command injection via the ip_list argument in the apply_config function, detection can involve monitoring for unusual or suspicious requests targeting this endpoint with manipulated ip_list parameters.'}, {'type': 'paragraph', 'content': "No specific detection commands are provided, but network administrators can use web server access logs to search for requests containing 'apply_config' and 'ip_list' parameters, or use tools like curl or wget to test the endpoint manually."}] [3]
What immediate steps should I take to mitigate this vulnerability?
There are no known countermeasures or vendor responses currently available for this vulnerability.
Immediate mitigation steps include restricting remote access to the vulnerable web management backend, especially blocking access to the apply_config function or the bridge_cfg.php file.
Replacement with an alternative product is suggested as a mitigation measure.
Monitoring for exploitation attempts and applying network-level protections such as firewalls or intrusion detection systems to block suspicious traffic targeting this vulnerability is recommended.