Zyxel Patches Stack-Based Buffer Overflow in GS1900 Switches (CVE-2026-7273)

Zyxel has rolled out firmware patches for a serious flaw in its popular GS1900 series switches. Tracked as CVE-2026-7273, the Zyxel GS1900 vulnerability is a stack-based buffer overflow rated CVSS 8.8. Moreover, it could let an attacker seize control of affected hardware.

Why It Matters

Network switches sit at the heart of business and home networks. So a compromised switch hands an attacker a powerful foothold. From there, they could intercept traffic or pivot deeper. Given the 8.8 severity score, security teams should treat this fix as urgent.

What the Flaw Does

The bug sits in the CGI program of the switch firmware. A stack-based buffer overflow happens when a program writes past a buffer’s limit. Consequently, attackers can overwrite memory and redirect execution. According to Zyxel, the flaw “could allow a LAN-based, unauthenticated attacker to exploit the flaw.” Then the attacker could run OS commands through a crafted HTTP request.

Notably, no credentials are required. However, the attack vector stays LAN-based rather than internet-wide. So the immediate risk centers on local network access.

Affected Models

The Zyxel GS1900 vulnerability spans much of the GS1900 lineup. Affected models include the GS1900-8, GS1900-24, and GS1900-48HPv2, among others. Each runs firmware version 2.90 or earlier in its branch. Importantly, Zyxel notes that “on-market products not listed in the table remain unaffected.”

Patch and Mitigation

Fortunately, fixes are already available. Zyxel urges customers to update without delay, stating that “users are advised to install them for optimal protection.” Each branch receives its own patched build, such as 2.90(AAHH.2)C0 for the GS1900-8. You can find the full model list and patched firmware in the official Zyxel security advisory. Until you patch, restrict management access to trusted hosts on the LAN.

Support Our Threat Intelligence

If you find our CVE report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee PayPal

Crypto

USDT (TRC20):

TN8BdV8cp4T1Cd28gK9qTAnZknzzuwyUtm Copy

USDT (ERC20):

0x3725e1a7d3bc5765499fa6aaafe307fabcd75bce Copy

Written by

@DdoS · Security Researcher

Do Son

Do Son is the Founder and Editor of SecurityOnline.info. Working in cybersecurity since 2013, he reports on vulnerabilities, malware, and emerging threats, providing timely analysis to help organizations and individuals stay ahead of evolving risks.