CVE-2026-4795
Description
A missing authorization vulnerability in Zyxel GS1200-5v3 firmware versions through 1.00(ACPS.2)C0, GS1200-8v3 firmware versions through 1.00(ACPT.2)C0, GS1200-5HPv3 firmware versions through 1.00(ACPU.2)C0, GS1200-8HPv3 firmware versions through 1.00(ACPV.2)C0, and GS1200-10v3 firmware versions through 1.00(ACPW.2)C0 could allow a LAN-based, unauthenticated attacker to read the system configuration from a log file via a crafted HTTP request.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A missing authorization flaw in Zyxel GS1200v3 switches allows an unauthenticated LAN attacker to read system configuration via a crafted HTTP request.
Vulnerability
A missing authorization vulnerability exists in Zyxel GS1200-5v3 firmware versions up to and including 1.00(ACPS.2)C0, GS1200-8v3 firmware versions up to and including 1.00(ACPT.2)C0, GS1200-5HPv3 firmware versions up to and including 1.00(ACPU.2)C0, GS1200-8HPv3 firmware versions up to and including 1.00(ACPV.2)C0, and GS1200-10v3 firmware versions up to and including 1.00(ACPW.2)C0 [1]. The bug is triggered when a LAN-based attacker sends a specially crafted HTTP request to the affected switch, causing the system configuration to be read from a log file without proper authorization checks.
Exploitation
An attacker must be on the same local area network (LAN) as the vulnerable switch. No authentication is required. The attacker crafts an HTTP request to an endpoint that exposes the log file containing the system configuration. The attack requires no special privileges or preconditions beyond network access [1].
Impact
Successful exploitation allows an unauthenticated attacker to read the full system configuration from a log file, leading to disclosure of sensitive information about the switch’s network settings and operational parameters. The attack does not allow modification of the configuration or code execution, but the information leak can aid in further attacks against the network [1].
Mitigation
Zyxel has released patched firmware versions for all affected models: 1.00(ACPS.3)C0 for GS1200-5v3, 1.00(ACPT.3)C0 for GS1200-8v3, 1.00(ACPU.3)C0 for GS1200-5HPv3, 1.00(ACPV.3)C0 for GS1200-8HPv3, and 1.00(ACPW.3)C0 for GS1200-10v3 [1]. Users should update their switches to the latest firmware as soon as possible. There is no known workaround, and no evidence that this CVE has been added to the Known Exploited Vulnerabilities (KEV) catalog.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (3)
- Range: <=1.00(ACPS.2)C0
- Range: <=1.00(ACPT.2)C0
- Range: <=1.00(ACPU.2)C0
Patches (0)
No patches discovered yet.
References (1)
News mentions (0)
No linked articles in our index yet.