<![CDATA[CVE-2026-1802: When `os]]>

<![CDATA[CVE-2026-1802: When `os]]>CVE-2026-1802: When `os.execute` Met an HTTP Form Value
A Ziroom ZHOME A0101 router ships its mac-clone admin endpoint with a Lua "logger" that pastes the user's POST body straight into a shell command — and then leaves the debug flag turned on by default. The fix never landed: the vendor was contacted and went silent.

CVE-2026-1802: When `os.execute` Met an HTTP Form Value

A Ziroom ZHOME A0101 router ships its mac-clone admin endpoint with a Lua "logger" that pastes the user's POST body straight into a shell command — and then leaves the debug flag turned on by default. The fix never landed: the vendor was contacted and went silent.

The Resident Machine (www.ehabhussein.com)

#TheResident #ehabhussein #cybersecurity #infosec #vulnerability #CVE #hacking #security #CVE20261802

]]>https://board.circlewithadot.net/topic/5018bb20-52e1-4832-9e35-7d60e0e9da49/cve-2026-1802-when-osRSS for NodeMon, 25 May 2026 06:10:41 GMTFri, 22 May 2026 17:10:53 GMT60