CVE-2026-2000
Published: 06 February 2026
Summary
CVE-2026-2000 is a medium-severity Injection (CWE-74) vulnerability in Dcnetworks Dcme-320 Firmware. Its CVSS base score is 4.7 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 48.0% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
Threat & Defense Details
Likely Mitigating Controls (AI)
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Developer assessments and testing (including injection-focused techniques) identify improper neutralization of special elements, and the verifiable flaw remediation corrects them pre-deployment.
Identifies indicators of injection attacks (command, SQL, LDAP, etc.) via anomaly and attack monitoring.
MITRE ATT&CK Enterprise Techniques (AI)
Why these techniques?
Command injection in exposed web management backend directly enables remote exploitation of public-facing app (T1190) and Unix shell command execution (T1059.004).
NVD Description
A vulnerability was found in DCN DCME-320 up to 20260121. Impacted is the function apply_config of the file /function/system/basic/bridge_cfg.php of the component Web Management Backend. Performing a manipulation of the argument ip_list results in command injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Deeper analysis (AI)
CVE-2026-2000 is a command injection vulnerability affecting DCN DCME-320 firmware versions up to 20260121. The flaw resides in the apply_config function of the file /function/system/basic/bridge_cfg.php within the Web Management Backend component, where manipulation of the ip_list argument enables command injection. Published on 2026-02-06, it carries a CVSS v3.1 base score of 4.7 (AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L) and maps to CWE-74 and CWE-77.
The vulnerability is exploitable remotely over the network with low complexity, though it requires high privileges (PR:H), such as those of an authenticated administrator. An attacker could manipulate the ip_list parameter during configuration operations to inject and execute arbitrary commands, potentially resulting in limited impacts to confidentiality, integrity, and availability.
Advisories from VulDB (e.g., https://vuldb.com/?ctiid.344548, https://vuldb.com/?id.344548) document the issue, while an exploit is publicly available in a GitHub repository (https://github.com/physicszq/Routers/tree/main/Dcme). The vendor was notified early but provided no response, leaving no official patches or mitigation guidance available.
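With no vendor patch available, a proxy or log pipeline in front of the management interface can flag requests to the affected endpoint whose ip_list value contains anything other than plain IP addresses or CIDR ranges. The following is an added example, not code from the vendor, VulDB or the referenced repository; the comma/whitespace separator, the `action` field and the captured (URL, body) record format are assumptions, and the sample requests are constructed.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Endpoint and parameter named in the NVD description.
TARGET_PATH = "/function/system/basic/bridge_cfg.php"
PARAM = "ip_list"
# Assumption: legitimate values are IPs/CIDRs separated by commas or whitespace.
SEPARATORS = re.compile(r"[,\s]+")


def invalid_entries(value):
    """Return the entries of an ip_list value that are not an IP or CIDR network."""
    bad = []
    for entry in filter(None, SEPARATORS.split(value)):
        try:
            ipaddress.ip_network(entry, strict=False)
        except ValueError:
            bad.append(entry)
    return bad


def scan(records):
    """records: iterable of (url, urlencoded_body). Returns [(path, bad_entries)]."""
    alerts = []
    for url, body in records:
        parts = urlsplit(url)
        if parts.path != TARGET_PATH:
            continue  # only the affected endpoint is inspected
        # Merge query-string and form-body parameters (values are URL-decoded).
        params = parse_qs(parts.query, keep_blank_values=True)
        for key, values in parse_qs(body, keep_blank_values=True).items():
            params.setdefault(key, []).extend(values)
        for value in params.get(PARAM, []):
            bad = invalid_entries(value)
            if bad:
                alerts.append((parts.path, bad))
    return alerts


# Constructed sample requests (not taken from real traffic).
SAMPLE = [
    (TARGET_PATH, "action=apply&ip_list=192.168.1.10%2C192.168.1.0%2F24"),
    (TARGET_PATH, "action=apply&ip_list=192.168.1.10%3Bplaceholder-cmd"),
    ("/index.php?ip_list=not-an-ip", ""),
]

if __name__ == "__main__":
    for path, bad in scan(SAMPLE):
        print(f"ALERT {path}: non-IP content in {PARAM}: {bad}")
```

Because the check is an allow-list on the expected value shape rather than a list of shell metacharacters, it flags any deviation without needing to enumerate injection syntax.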
Details
- CWE(s)