CVE-2026-1802 is a command injection vulnerability identified in the Ziroom ZHOME A0101 smart home device firmware version 1.0.1.0. The vulnerability resides in the macAddrClone function within the luci\controller\api\zrMacClone.lua file. Specifically, the macType parameter is improperly sanitized, allowing an attacker to inject arbitrary shell commands. This flaw can be exploited remotely without requiring authentication or user interaction, making it accessible over the network. The vulnerability allows attackers to execute arbitrary commands with the privileges of the affected service, potentially leading to full device compromise. The vendor was notified early but has not issued any patches or advisories. The CVSS 4.0 vector indicates network attack vector, low attack complexity, no privileges or user interaction required, and low impact on confidentiality, integrity, and availability, resulting in a medium severity rating with a score of 6.9. No known exploits are currently active in the wild, but public exploit code has been released, increasing the risk of exploitation. This vulnerability poses a significant threat to the security and stability of smart home environments relying on this device.

The impact of CVE-2026-1802 is substantial for organizations and individuals using the Ziroom ZHOME A0101 device. Successful exploitation allows remote attackers to execute arbitrary commands on the device, potentially leading to unauthorized control, data manipulation, or disruption of device functionality. This can compromise the integrity and availability of smart home systems, potentially affecting connected devices and user privacy. In enterprise or multi-unit residential deployments, attackers could leverage this vulnerability to pivot into internal networks, escalating the scope of compromise. The lack of vendor response and absence of patches increases the window of exposure, raising the risk of widespread exploitation especially as public exploit code is available. The medium CVSS score reflects moderate impact but the ease of exploitation without authentication elevates the threat level. Organizations relying on this product should consider the risk of operational disruption, data breaches, and potential lateral movement within their networks.

To mitigate CVE-2026-1802, organizations should first isolate affected Ziroom ZHOME A0101 devices from untrusted networks to reduce exposure. Network segmentation and firewall rules should restrict access to the device’s management interfaces. Monitoring network traffic for unusual command injection patterns or unexpected outbound connections can help detect exploitation attempts. Since no official patches are available, consider disabling or restricting the vulnerable macAddrClone API if possible through device configuration or firmware modifications. Engage with the vendor or community to obtain or develop security patches or firmware updates. For deployments where replacement is feasible, consider substituting the affected devices with alternatives that have verified security updates. Additionally, implement strict access controls and continuous monitoring on smart home networks to quickly identify and respond to suspicious activity. Maintain an inventory of affected devices and track any updates from the vendor or security community.