CVE-2025-11846NULL Pointer Dereference in Zyxel Ax7501-b1 Firmware

CWE-476NULL Pointer Dereference3 documents3 sources
Severity
4.9MEDIUMNVD
EPSS
0.1%
top 68.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
54
Zyxel Ax7501-b1 FirmwareZyxel Dx3300-t0 FirmwareZyxel Dx3300-t1 Firmware+51 more
Timeline
PublishedFeb 24

Description

A null pointer dereference vulnerability in the account settings CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HExploitability: 1.2 | Impact: 3.6

Affected Packages56 packages

NVDzyxel/vmg3625-t50b_firmware< 5.50\(abpm.9.7\)c0
CVEListV5zyxel/vmg3625-t50b_firmware5.50(ABPM.9.6)C0
NVDzyxel/wx3100-t0_firmware< 5.50\(abvl.4.9\)c0
NVDzyxel/emg3525-t50b_firmware< 5.50\(abpm.9.7\)c0
NVDzyxel/emg5523-t50b_firmware< 5.50\(abpm.9.7\)c0

🔴Vulnerability Details

2
CVEList
CVE-2025-11846: A null pointer dereference vulnerability in the account settings CGI program of the Zyxel VMG3625-T50B firmware versions through 52026-02-24
GHSA
GHSA-r8mv-7fwh-cfvr: A null pointer dereference vulnerability in the account settings CGI program of the Zyxel VMG3625-T50B firmware versions through 52026-02-24
CVE-2025-11846 — NULL Pointer Dereference in Zyxel | cvebase