CVE-2026-2000

Name of the Vulnerable Software and Affected Versions DCN DCME-320 versions up to 20260121

Description A flaw exists in the Web Management Backend component of DCN DCME-320. Specifically, manipulating the ip list argument within the apply config function of the /function/system/basic/bridge cfg.php file can lead to command injection. This issue is remotely exploitable, and details about the exploit have been publicly released. The vendor was notified but did not respond.

Recommendations Versions up to 20260121: Avoid using the ip list parameter in the apply config function. Versions up to 20260121: As a temporary workaround, consider restricting access to the /function/system/basic/bridge cfg.php file.