{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1802", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-02-03T12:53:29.818Z", "datePublished": "2026-02-03T19:02:06.964Z", "dateUpdated": "2026-02-23T09:15:04.936Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-23T09:15:04.936Z"}, "title": "Ziroom ZHOME A0101 zrMacClone.lua macAddrClone command injection", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-77", "lang": "en", "description": "Command Injection"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-74", "lang": "en", "description": "Injection"}]}], "affected": [{"vendor": "Ziroom", "product": "ZHOME A0101", "versions": [{"version": "1.0.1.0", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in Ziroom ZHOME A0101 1.0.1.0. This issue affects the function macAddrClone of the file luci\\controller\\api\\zrMacClone.lua. The manipulation of the argument macType results in command injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-02-03T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-02-03T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-02-04T14:32:36.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "allanp0e (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.343975", "name": "VDB-343975 | Ziroom ZHOME A0101 zrMacClone.lua macAddrClone command injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.343975", "name": "VDB-343975 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.741842", "name": "Submit #741842 | https://sh.ziroom.com/ ZHOME A0101 Command Injection", "tags": ["third-party-advisory"]}, {"url": "https://github.com/jinhao118/cve/blob/main/ziru_router_command_injection.md", "tags": ["exploit"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-03T19:50:23.643121Z", "id": "CVE-2026-1802", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-03T19:50:30.284Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-1802", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-03T19:50:23.643121Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-03T19:50:26.898Z"}}], "cna": {"title": "Ziroom ZHOME A0101 zrMacClone.lua macAddrClone command injection", "credits": [{"lang": "en", "type": "reporter", "value": "allanp0e (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "Ziroom", "product": "ZHOME A0101", "versions": [{"status": "affected", "version": "1.0.1.0"}]}], "timeline": [{"lang": "en", "time": "2026-02-03T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-02-03T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-02-04T14:32:36.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.343975", "name": "VDB-343975 | Ziroom ZHOME A0101 zrMacClone.lua macAddrClone command injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.343975", "name": "VDB-343975 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.741842", "name": "Submit #741842 | https://sh.ziroom.com/ ZHOME A0101 Command Injection", "tags": ["third-party-advisory"]}, {"url": "https://github.com/jinhao118/cve/blob/main/ziru_router_command_injection.md", "tags": ["exploit"]}], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in Ziroom ZHOME A0101 1.0.1.0. This issue affects the function macAddrClone of the file luci\\controller\\api\\zrMacClone.lua. The manipulation of the argument macType results in command injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-77", "description": "Command Injection"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-74", "description": "Injection"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-23T09:15:04.936Z"}}}, "cveMetadata": {"cveId": "CVE-2026-1802", "state": "PUBLISHED", "dateUpdated": "2026-02-23T09:15:04.936Z", "dateReserved": "2026-02-03T12:53:29.818Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-02-03T19:02:06.964Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in Ziroom ZHOME A0101 1.0.1.0. This issue affects the function macAddrClone of the file luci\\controller\\api\\zrMacClone.lua. The manipulation of the argument macType results in command injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "es", "value": "Se ha descubierto una falla de seguridad en Ziroom ZHOME A0101 1.0.1.0. Este problema afecta la funci\u00f3n macAddrClone del archivo luci\\controller\\API\\zrMacClone.lua. La manipulaci\u00f3n del argumento macType resulta en inyecci\u00f3n de comandos. El ataque puede ser lanzado de forma remota. El exploit ha sido publicado y puede ser utilizado para ataques. Se contact\u00f3 al proveedor con antelaci\u00f3n sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."}], "id": "CVE-2026-1802", "lastModified": "2026-04-29T01:00:01.613", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-02-03T19:16:16.170", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/jinhao118/cve/blob/main/ziru_router_command_injection.md"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.343975"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.343975"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.741842"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-77"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T19:47:11.110539+00:00", "value": {"mitigation_remediation": ["Update the Ziroom firmware to the latest version that includes a fix for the macAddrClone command injection if available from the vendor or community.", "If a patch is not yet available, restrict remote access to the macAddrClone endpoint by configuring firewall or ACL rules to allow only trusted internal networks.", "If the device configuration permits, disable the macAddrClone feature or the associated API to remove the injection vector until a permanent fix is applied.", "Continuously monitor system logs for anomalous command executions or repeated attempts to use the macAddrClone endpoint and set alerts for suspicious activity."], "summary": {"action": "Patch or Mitigate", "impact": "Remote Command Execution via Command Injection"}, "threat_synthesis": {"affected_systems": "The only affected product listed is the Ziroom ZHOME A0101 router running firmware version 1.0.1.0. No other firmware revisions or device models are mentioned in the CNA data. The vendor has not released a patch or fix, and no official workaround has been provided.", "description_and_impact": "The Ziroom ZHOME A0101 router firmware 1.0.1.0 contains a flaw in the macAddrClone Lua script that accepts the macType parameter without any sanitization. The vulnerability permits an attacker to embed arbitrary shell commands into the system call that the script performs, resulting in Remote Command Execution with the privileges of the web server process. The weakness is classified as CWE\u201174 (Improper Sanitization) and CWE\u201177 (Command Injection).", "risk_and_exploitability": "The CVSS base score of 6.9 indicates a moderate severity vulnerability. The EPSS score of 2\u202f% indicates that exploitation attempts are possible but unlikely, and the vulnerability is not yet in the CISA KEV catalogue. Public exploits have been published, and the description states that the attack can be launched remotely. It is unclear whether authentication is required; the text does not specify this, so the factor is unknown and inferred from the lack of detail. Because the vulnerability is remotely exploitable, the risk to affected systems is significant if the system is reachable from untrusted networks."}}}}, "created": "2026-02-04T12:06:01.467339+00:00", "updated": "2026-04-18T20:00:09.270802+00:00", "vendors": ["ziroom", "ziroom$PRODUCT$zhome_a0101"]}