CVE-2026-1802

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Ziroom ZHOME A0101 version 1.0.1.0

Description A security flaw exists in Ziroom ZHOME A0101. The issue is due to command injection resulting from the manipulation of the macType argument within the macAddrClone function located in the lucicontrollerapizrMacClone.lua file. This allows for remote attacks. The exploit has been publicly released. The vendor was notified but did not respond.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Special Elements Injection

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74CWE-77

Related Identifiers

CVE-2026-1802

Affected Products

Ziroom Zhome A0101

CVE-2026-1802

Weakness Enumeration

Related Identifiers

Affected Products

References · 6