216.73.217.86

CVE-2026-20764

· Published 27/02/2026 02:16 · Modified 27/02/2026 23:11

Labels: CVE-2026-20764 2026-02-27CVE-2026-20764CWE-78[email protected]

Essential information

Published
27/02/2026 02:16
Modified
27/02/2026 23:11
Author
Creator
CVSS
8.0 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVSS metrics

Description

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by providing malicious input via the device hostname configuration which is later processed during system setup, resulting in remote code execution.

NVD status

Status
Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
copeland / xweb 300d pro firmware cpe:2.3:o:copeland:xweb_300d_pro_firmware:*:*:*:*:*:*:*:*
copeland / xweb 300d pro cpe:2.3:h:copeland:xweb_300d_pro:-:*:*:*:*:*:*:*
copeland / xweb 500d pro firmware cpe:2.3:o:copeland:xweb_500d_pro_firmware:*:*:*:*:*:*:*:*
copeland / xweb 500d pro cpe:2.3:h:copeland:xweb_500d_pro:-:*:*:*:*:*:*:*
copeland / xweb 500b pro firmware cpe:2.3:o:copeland:xweb_500b_pro_firmware:*:*:*:*:*:*:*:*
copeland / xweb 500b pro cpe:2.3:h:copeland:xweb_500b_pro:-:*:*:*:*:*:*:*

References