CVE-2026-7273
Received Received - Intake
Stack-Based Buffer Overflow in Zyxel GS1900-48HPv2 Firmware

Publication date: 2026-06-16

Last updated on: 2026-06-16

Assigner: Zyxel Corporation

Description
A stack-based buffer overflow vulnerability in the CGI program of Zyxel GS1900-48HPv2 firmware versions through 2.90(ABTQ.1)C0 could allow a LAN-based, unauthenticated attacker to exploit the flaw and potentially execute OS commands via a crafted HTTP request.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-16
Last Modified
2026-06-16
Generated
2026-06-16
AI Q&A
2026-06-16
EPSS Evaluated
N/A
NVD
CVE-2026-7273
EUVD
EUVD-2026-37030
Affected Vendors & Products
Showing 10 associated CPEs
Vendor Product Version / Range
zyxel gs1900-8 to 2.90(ABTQ.1)C0 (inc)
zyxel gs1900-8hp to 2.90(ABTQ.1)C0 (inc)
zyxel gs1900-10hp to 2.90(ABTQ.1)C0 (inc)
zyxel gs1900-16 to 2.90(ABTQ.1)C0 (inc)
zyxel gs1900-24 to 2.90(ABTQ.1)C0 (inc)
zyxel gs1900-24e to 2.90(ABTQ.1)C0 (inc)
zyxel gs1900-24ep to 2.90(ABTQ.1)C0 (inc)
zyxel gs1900-24hpv2 to 2.90(ABTQ.1)C0 (inc)
zyxel gs1900-48 to 2.90(ABTQ.1)C0 (inc)
zyxel gs1900-48hpv2 to 2.90(ABTQ.1)C0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a stack-based buffer overflow found in the CGI program of Zyxel GS1900 series switch firmware versions up to 2.90(ABTQ.1)C0. It allows an attacker who is on the local area network (LAN) and does not need to be authenticated to exploit the flaw by sending a specially crafted HTTP request.

Exploiting this vulnerability could enable the attacker to execute operating system commands on the affected device.

Impact Analysis

If exploited, this vulnerability can allow an unauthenticated attacker on the LAN to execute arbitrary OS commands on the affected Zyxel GS1900 series switch.

This could lead to full compromise of the device, potentially allowing the attacker to disrupt network operations, intercept or manipulate network traffic, or use the device as a foothold for further attacks within the network.

Mitigation Strategies

To mitigate this vulnerability, users should immediately install the patches released by Zyxel for the affected GS1900 series switches.

  • Identify if your device is one of the affected models: GS1900-8, GS1900-8HP, GS1900-10HP, GS1900-16, GS1900-24, GS1900-24E, GS1900-24EP, GS1900-24HPv2, GS1900-48, or GS1900-48HPv2.
  • Check if the firmware version is 2.90(AAHH.1)C0 or earlier.
  • Download and apply the corresponding patched firmware versions provided by Zyxel.

Applying these patches will protect against exploitation of the stack-based buffer overflow vulnerability that could allow unauthenticated OS command execution via crafted HTTP requests.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-7273. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart