Zyxel · Zyxel EMG2926 · CVE-2017-6884
**Name of the Vulnerable Software and Affected Versions**
Zyxel EMG2926 version V1.00(AAQT.4)b8
**Description**
A command injection issue was discovered in the diagnostic tools of the Zyxel EMG2926 home router, specifically in the nslookup function. This allows a malicious user to execute arbitrary commands on the router by exploiting various vectors, such as the `ping_ip` parameter to the "expert/maintenance/diagnostic/nslookup" URI.
**Recommendations**
For Zyxel EMG2926 version V1.00(AAQT.4)b8, consider disabling the nslookup function in the diagnostic tools as a temporary workaround until a patch is available.
Restrict access to the "expert/maintenance/diagnostic/nslookup" URI to minimize the risk of exploitation.
Avoid using the `ping_ip` parameter in the affected URI until the issue is resolved.
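The kind of server-side check that closes this class of flaw in a diagnostic handler, as an added example that is not Zyxel's code and not part of the original advisory: a strict allow-list for the lookup target. The function name `is_safe_lookup_target` and the sample inputs are assumptions made for illustration; the firmware's real handler is not shown on this page.

```c
#include <stdio.h>
#include <string.h>

#define MAX_HOST_LEN  253  /* RFC 1035 limit on a full domain name */
#define MAX_LABEL_LEN 63   /* RFC 1035 limit on one dot-separated label */

static int is_alnum_ascii(unsigned char c)
{
    return (c >= '0' && c <= '9') || (c >= 'a' && c <= 'z') ||
           (c >= 'A' && c <= 'Z');
}

/*
 * Hypothetical helper: returns 1 only for RFC 1123 host names and dotted
 * IPv4 literals (labels of [A-Za-z0-9-], no leading or trailing hyphen,
 * single dots between labels). Whitespace, shell metacharacters and
 * option-style values starting with '-' are all rejected.
 */
int is_safe_lookup_target(const char *target)
{
    size_t len, i, label_len = 0;

    if (target == NULL)
        return 0;
    len = strlen(target);
    if (len == 0 || len > MAX_HOST_LEN)
        return 0;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)target[i];
        if (c == '.') {                      /* end of a label */
            if (label_len == 0 || target[i - 1] == '-')
                return 0;
            label_len = 0;
        } else if (!(is_alnum_ascii(c) || c == '-')) {
            return 0;                        /* outside the allow-list */
        } else if ((c == '-' && label_len == 0) || ++label_len > MAX_LABEL_LEN) {
            return 0;                        /* leading '-' or label too long */
        }
    }
    return label_len > 0 && target[len - 1] != '-';
}

int main(void)
{
    /* Constructed sample inputs, not taken from the advisory. */
    const char *s[] = { "example.com", "192.0.2.10", "example.com;id", "-debug" };
    for (size_t i = 0; i < sizeof s / sizeof s[0]; i++)
        printf("%-16s -> %s\n", s[i], is_safe_lookup_target(s[i]) ? "accept" : "reject");
    return 0;
}
```

A handler that accepts a value this way should still pass it to the lookup tool as its own `argv` element through an `exec`-family call, not splice it into a string for `system()`.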