{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0774", "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "state": "PUBLISHED", "assignerShortName": "zdi", "dateReserved": "2026-01-08T22:50:40.949Z", "datePublished": "2026-01-23T03:29:09.778Z", "dateUpdated": "2026-01-23T16:21:59.875Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi", "dateUpdated": "2026-01-23T03:29:09.778Z"}, "title": "WatchYourLAN Configuration Page Argument Injection Remote Code Execution Vulnerability", "descriptions": [{"lang": "en", "value": "WatchYourLAN Configuration Page Argument Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of WatchYourLAN. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of the arpstrs parameter. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-26708."}], "affected": [{"vendor": "WatchYourLAN", "product": "WatchYourLAN", "versions": [{"version": "2.1.2", "status": "affected"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-88", "description": "CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", "type": "CWE"}]}], "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-26-039/", "name": "ZDI-26-039", "tags": ["x_research-advisory"]}], "dateAssigned": "2026-01-08T22:50:40.974Z", "datePublic": "2026-01-09T16:48:02.551Z", "source": {"lang": "en", "value": "x.com/xnand_"}, "metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-23T16:21:49.507437Z", "id": "CVE-2026-0774", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-23T16:21:59.875Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0774", "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "state": "PUBLISHED", "assignerShortName": "zdi", "dateReserved": "2026-01-08T22:50:40.949Z", "datePublished": "2026-01-23T03:29:09.778Z", "dateUpdated": "2026-01-23T16:21:59.875Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi", "dateUpdated": "2026-01-23T03:29:09.778Z"}, "title": "WatchYourLAN Configuration Page Argument Injection Remote Code Execution Vulnerability", "descriptions": [{"lang": "en", "value": "WatchYourLAN Configuration Page Argument Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of WatchYourLAN. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of the arpstrs parameter. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-26708."}], "affected": [{"vendor": "WatchYourLAN", "product": "WatchYourLAN", "versions": [{"version": "2.1.2", "status": "affected"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-88", "description": "CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", "type": "CWE"}]}], "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-26-039/", "name": "ZDI-26-039", "tags": ["x_research-advisory"]}], "dateAssigned": "2026-01-08T22:50:40.974Z", "datePublic": "2026-01-09T16:48:02.551Z", "source": {"lang": "en", "value": "x.com/xnand_"}, "metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH"}}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-0774", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-23T16:21:49.507437Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-23T16:21:54.596Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "WatchYourLAN Configuration Page Argument Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of WatchYourLAN. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of the arpstrs parameter. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-26708."}, {"lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo por inyecci\u00f3n de argumentos en la p\u00e1gina de configuraci\u00f3n de WatchYourLAN. Esta vulnerabilidad permite a atacantes adyacentes a la red ejecutar c\u00f3digo arbitrario en instalaciones afectadas de WatchYourLAN. No se requiere autenticaci\u00f3n para explotar esta vulnerabilidad.\n\nLa falla espec\u00edfica reside en el manejo del par\u00e1metro arpstrs. El problema se debe a la falta de validaci\u00f3n adecuada de una cadena proporcionada por el usuario antes de usarla para ejecutar una llamada al sistema. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto de la cuenta de servicio. Fue ZDI-CAN-26708."}], "id": "CVE-2026-0774", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "zdi-disclosures@trendmicro.com", "type": "Secondary"}]}, "published": "2026-01-23T04:16:04.650", "references": [{"source": "zdi-disclosures@trendmicro.com", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-039/"}], "sourceIdentifier": "zdi-disclosures@trendmicro.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-88"}], "source": "zdi-disclosures@trendmicro.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T03:15:07.107476+00:00", "value": {"mitigation_remediation": ["Upgrade the WatchYourLAN firmware to the latest official release that addresses argument validation for the arpstrs parameter.", "Restrict LAN access to the WatchYourLAN configuration port by applying firewall rules or isolation to a dedicated VLAN.", "Stop or disable the WatchYourLAN service on systems that are no longer required, or move it to a dedicated management network."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The affected product is WatchYourLAN by WatchYourLAN. The reported vulnerability applies to all installations of the WatchYourLAN service; the CNA did not list specific version restrictions.", "description_and_impact": "WatchYourLAN Configuration Page Argument Injection Remote Code Execution Vulnerability. The flaw resides in the handling of the arpstrs parameter, where a user-supplied string is passed to a system call without validation. This allows an attacker to run arbitrary code in the context of the service account. Because no authentication is required, a node on the same network can directly exploit the service from its IP range. The weakness corresponds to CWE\u201188.", "risk_and_exploitability": "The CVSS base score of 8.8 signals high severity, while the EPSS score below 1% indicates low exploitation probability at the time of analysis. The vulnerability is not on the KEV list yet its unauthenticated remote code execution capability presents a serious risk for hosts on the same LAN. Attackers can trigger the flaw by sending crafted HTTP requests that include a malicious arpstrs argument while connected to the affected network, exploiting the lack of input validation and the open access control."}}}}, "created": "2026-01-23T10:26:43.233629+00:00", "updated": "2026-04-18T03:15:35.437667+00:00", "vendors": ["watchyourlan", "watchyourlan$PRODUCT$watchyourlan"]}