216.73.216.204

CVE-2026-25196

· Published 27/02/2026 02:16 · Modified 27/02/2026 23:06

Labels: CVE-2026-25196 2026-02-27CVE-2026-25196CWE-78[email protected]

Essential information

Published
27/02/2026 02:16
Modified
27/02/2026 23:06
Author
Creator
CVSS
8.0 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVSS metrics

Description

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the Wi-Fi SSID and/or password fields can lead to remote code execution when the configuration is processed.

NVD status

Status
Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
copeland / xweb 300d pro firmware cpe:2.3:o:copeland:xweb_300d_pro_firmware:*:*:*:*:*:*:*:*
copeland / xweb 300d pro cpe:2.3:h:copeland:xweb_300d_pro:-:*:*:*:*:*:*:*
copeland / xweb 500d pro firmware cpe:2.3:o:copeland:xweb_500d_pro_firmware:*:*:*:*:*:*:*:*
copeland / xweb 500d pro cpe:2.3:h:copeland:xweb_500d_pro:-:*:*:*:*:*:*:*
copeland / xweb 500b pro firmware cpe:2.3:o:copeland:xweb_500b_pro_firmware:*:*:*:*:*:*:*:*
copeland / xweb 500b pro cpe:2.3:h:copeland:xweb_500b_pro:-:*:*:*:*:*:*:*

References