CVE-2026-2000

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions DCN DCME-320 versions up to 20260121

Description A flaw exists in the Web Management Backend component of DCN DCME-320. Specifically, manipulating the ip list argument within the apply config function of the /function/system/basic/bridge cfg.php file can lead to command injection. This issue is remotely exploitable, and details about the exploit have been publicly released. The vendor was notified but did not respond.

Recommendations Versions up to 20260121: Avoid using the ip list parameter in the apply config function. Versions up to 20260121: As a temporary workaround, consider restricting access to the /function/system/basic/bridge cfg.php file.

Exploit

Fix

Command Injection

Special Elements Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77CWE-74

Related Identifiers

CVE-2026-2000

Affected Products

Dcn Dcme-320

CVE-2026-2000

Weakness Enumeration

Related Identifiers

Affected Products

References · 8