CNNVD-202602-299 Information

Feb 03, 2026 cve

CNNVD ID

CNNVD-202602-299

CVE-2026-1802

CNNVD Published: 2026-02-03

Description (Chinese)

Ziroom ZHOME A0101是中国自如（Ziroom）公司的一款智能家居硬件设备。 Ziroom ZHOME A0101 1.0.1.0版本存在命令注入漏洞，该漏洞源于文件lucicontrollerapizrMacClone.lua中macAddrClone函数对参数macType的操作不当，可能导致命令注入攻击。

Description (English)

Ziroom ZHOME A0101 is a smart home hardware device for Ziroom. Version Ziroom ZHOME A0101 1.0.1.0 contains a command-injecting loophole, which stems from the inappropriate operation of the MacAddclone function in document lucicontrollerapizr MacClone.lua on the parameter MacType, which may result in the command-injection attack.

Hazard Level

Medium

Vulnerability Type

命令注入

Affected Vendor

自如

Published

2026-02-03

Last Modified

2026-02-24

References

https://vuldb.com/?id.343975 https://vuldb.com/?submit.741842 https://github.com/jinhao118/cve/blob/main/ziru_router_command_injection.md https://vuldb.com/?ctiid.343975 https://access.redhat.com/security/cve/cve-2026-1802

Share on: