Zyxel has issued firmware patches for a critical vulnerability in its GS1900 series switches, identified as CVE-2026-7273, which carries a CVSS score of 8.8. This stack-based buffer overflow flaw allows unauthenticated attackers on the same local network to execute OS commands through a crafted HTTP request, potentially giving them control over the affected hardware.
The vulnerability affects various models in the GS1900 series running firmware version 2.90 or earlier, including GS1900-8, GS1900-24, and GS1900-48HPv2. Zyxel urges immediate firmware updates for optimal protection and suggests restricting management access to trusted devices until patches are applied.