CVE-2026-7273: A stack-based buffer overflow vulnerability in the CGI program of Zyxel GS1900-48HPv2 firmware versions through 2
A stack-based buffer overflow vulnerability in the CGI program of Zyxel GS1900-48HPv2 firmware versions through 2.90(ABTQ.1)C0 could allow a LAN-based, unauthenticated attacker to exploit the flaw and potentially execute OS commands via a crafted HTTP request.
Metrics
- CVSS v3.1: 8.8
- Severity: HIGH
- Fixed in: —
- Affected Products: 10
HarborGuard Analysis
Synopsis
A stack-based buffer overflow exists in the CGI web interface of Zyxel GS1900-series managed switch firmware, affecting multiple models through version 2.90. An attacker on the same local network segment (LAN, VLAN, or adjacent network) can send a crafted HTTP request without any credentials to trigger the overflow. Successful exploitation gives the attacker the ability to execute arbitrary OS commands on the switch, with full read, write, and availability impact. No vendor patch has been published yet; HarborGuard tracks this advisory and will make a patched-image rebuild available the moment an upstream fix is released.
HarborGuard Coverage
Detection is available across every HarborGuard environment: the CVE is ingested from upstream feeds (including Zyxel's CNA feed and NVD) within minutes of publication and matched against firmware-derived container images in customer registries and CI/CD pipelines, including custom-built images that bundle affected Zyxel firmware versions. Coverage extends to any image layer that carries an affected GS1900-series firmware artifact.
Status: Available
HarborGuard scores this finding at CVSS 8.8 (HIGH) per the v3.1 vector and weights it against each environment's compliance policy to determine urgency and routing. Findings are dispatched to the appropriate team inbox within each customer organization based on asset ownership rules and policy thresholds configured by that org's administrators.
Status: Available
Because no fix version has been published by Zyxel, HarborGuard re-checks this advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment an upstream fix is released. In the interim, HarborGuard surfaces the advisory with compensating-control guidance so that customers can act on network-isolation measures without waiting for a vendor patch.
Status: Pending upstream
Exploit Conditions
- Network reachability: The attacker must be on an adjacent network (LAN, VLAN, or VPN segment) to reach the switch's CGI interface; remote internet-based exploitation is not possible without prior access to the local network.
- Authentication: Not required. No credentials of any kind are needed; the vulnerable CGI endpoint accepts unauthenticated HTTP requests.
- Victim interaction: Not required. Exploitation is entirely attacker-driven; no user action or interaction from anyone on the target device is required.
- Attack complexity: Attack complexity is low, meaning the exploit is reliable and requires no special preconditions, race conditions, or environmental tuning beyond network adjacency.
Blast Radius
- Executes arbitrary OS commands on the switch with the privilege level of the CGI process, giving the attacker full control over switch configuration and management functions.
- Reads sensitive data stored on the device, including credentials, SNMP community strings, VLAN configurations, and management interface settings.
- Modifies switch configuration, including routing tables, port assignments, and access-control lists, enabling traffic interception or network segmentation bypass.
- Crashes or reboots the switch, disrupting network connectivity for all devices dependent on that segment.
How HarborGuard Handles This
Available on HarborGuard: because Zyxel has not yet published a fix for CVE-2026-7273, the platform monitors the advisory on every ingest cycle and will automatically trigger a patched-image rebuild and (for customers with auto-remediation enabled) open a PR against affected workloads the moment an upstream patch version is published. While no patch is available, HarborGuard surfaces compensating-control recommendations for each affected environment: isolating management interfaces behind a dedicated management VLAN, applying network policy to block unauthorized LAN-side HTTP access to switch management ports, and enabling egress filtering to limit lateral movement if a switch is compromised. Customers can configure policy alerts so that any image found to bundle an affected GS1900-series firmware version is flagged immediately and routed to the appropriate team for manual review.
Affected Products
- Zyxel / GS1900-48HPv2 firmware <= 2.90(ABTQ.1)C0
- Zyxel / GS1900-8 firmware <= 2.90(AAHH.1)C0
- Zyxel / GS1900-8HP firmware <= 2.90(AAHI.1)C0
- Zyxel / GS1900-10HP firmware <= 2.90(AAZI.1)C0
- Zyxel / GS1900-16 firmware <= 2.90(AAHJ.1)C0
- Zyxel / GS1900-24 firmware <= 2.90(AAHL.1)C0
- Zyxel / GS1900-24E firmware <= 2.90(AAHK.1)C0
- Zyxel / GS1900-24EP firmware <= 2.90(ABTO.1)C0
- Zyxel / GS1900-24HPv2 firmware <= 2.90(ABTP.1)C0
- Zyxel / GS1900-48 firmware <= 2.90(AAHN.1)C0
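An inventory check against the list above, as an added example (not HarborGuard or Zyxel code). It assumes firmware strings follow the `2.90(ABTQ.1)C0` shape shown on this page and that builds order by version, patch number, then C revision; the hostnames and every sample version other than the listed ceilings are constructed.

```python
import re

# "Through" versions copied from the advisory's affected-product list.
AFFECTED_THROUGH = {
    "GS1900-48HPv2": "2.90(ABTQ.1)C0", "GS1900-8": "2.90(AAHH.1)C0",
    "GS1900-8HP": "2.90(AAHI.1)C0", "GS1900-10HP": "2.90(AAZI.1)C0",
    "GS1900-16": "2.90(AAHJ.1)C0", "GS1900-24": "2.90(AAHL.1)C0",
    "GS1900-24E": "2.90(AAHK.1)C0", "GS1900-24EP": "2.90(ABTO.1)C0",
    "GS1900-24HPv2": "2.90(ABTP.1)C0", "GS1900-48": "2.90(AAHN.1)C0",
}
_VERSION = re.compile(r"V?(\d+)\.(\d+)\(([A-Z]{4})\.(\d+)\)C(\d+)")

def parse_version(text):
    """Split '2.90(ABTQ.1)C0' into (model code, tuple ordered as assumed above)."""
    m = _VERSION.fullmatch(text.strip())
    if m is None:
        raise ValueError(f"unrecognised firmware string: {text!r}")
    major, minor, code, patch, rev = m.groups()
    return code, (int(major), int(minor), int(patch), int(rev))

def is_affected(model, version):
    """True/False for listed models, None for models the advisory does not list."""
    ceiling = AFFECTED_THROUGH.get(model)
    if ceiling is None:
        return None
    code, ver = parse_version(version)
    ceiling_code, ceiling_ver = parse_version(ceiling)
    if code != ceiling_code:
        raise ValueError(f"{version!r} is not a {model} build")
    return ver <= ceiling_ver

def triage(inventory):
    """Sort (host, model, version) rows into affected / clear / review."""
    result = {"affected": [], "clear": [], "review": []}
    for host, model, version in inventory:
        try:
            verdict = is_affected(model, version)
        except ValueError:
            verdict = None  # wrong model code or unparseable: needs a human
        result[{True: "affected", False: "clear", None: "review"}[verdict]].append(host)
    return result

# Constructed inventory: hostnames and non-ceiling versions are made up.
SAMPLE = [
    ("sw-core-1", "GS1900-48HPv2", "V2.90(ABTQ.1)C0"),
    ("sw-lab-2", "GS1900-8HP", "2.80(AAHI.0)C0"),
    ("sw-edge-3", "GS1900-24", "2.90(AAHL.2)C0"),
    ("sw-old-4", "GS1900-16", "2.90(AAHL.1)C0"),
    ("sw-misc-5", "UNLISTED-MODEL", "1.00(ZZZZ.0)C0"),
]
```

"clear" here only means the build is newer than the listed ceiling; since the page reports no fixed version, such builds still warrant confirmation against the vendor advisory.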
CVSS vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H