CVE-2026-24789
Published 2026-02-11
Priority: P2 (71) · Severity: critical · CVSS 3.1 base score: 9.8
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.67% (percentile 47.3)
An unprotected API endpoint allows an attacker to remotely change the device password without providing authentication.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| zlan_information_technology_co | zlan5143d | — | — |
Detection & IOCs (extracted from sources)
- Target device: ZLAN5143D v1.600. Look for unauthenticated HTTP requests to API endpoints that modify device passwords (no Authorization or session header present).
- Network-exploitable with no privileges or user interaction required (CVSS AV:N/AC:L/PR:N/UI:N). Alert on unauthenticated inbound requests to ZLAN5143D management interfaces from untrusted networks.
- Companion vulnerability CVE-2026-25084 on the same device and version allows authentication bypass via direct URL access. Correlate both CVEs when triaging ZLAN5143D traffic.
- Only ZLAN5143D firmware v1.600 is confirmed affected. No patched version has been released; the vendor did not respond to CISA's coordination attempts.
- No public exploitation had been reported when the advisory was published; treat detections as precautionary.
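One way to turn the indicators above into a concrete check. The script below is an added example, not code from the advisory, CISA, or the vendor. The advisory does not name the vulnerable endpoint, so the password-path pattern, the device IP, the trusted management subnet, the credential-bearing header names, and the sample request records are all assumptions constructed for illustration. It flags requests to the device that hit a password-changing path with no credential header (the CVE-2026-24789 pattern), unauthenticated writes to other management paths (direct URL access, the CVE-2026-25084 pattern), tags sources outside the trusted subnet, and escalates a source that exhibits both patterns.

```python
"""Flag unauthenticated requests to ZLAN5143D management and password endpoints.

Added example, not from the advisory. Endpoint paths, record format, device IP,
and trusted subnet are assumptions made for illustration.
"""
import ipaddress
import re
from typing import Dict, List

# Assumed: address of the ZLAN5143D and the subnet admins legitimately use to reach it.
DEVICE_IPS = {"10.0.5.20"}
TRUSTED_NETS = [ipaddress.ip_network("10.0.9.0/24")]

# Assumed: path fragments that indicate a credential change; the advisory does not
# name the real endpoint, so tune this to the device's actual API once known.
PASSWORD_PATH_RE = re.compile(r"(passw(or)?d|chgpwd|setpass)", re.IGNORECASE)
# Assumed: headers that would carry a credential on a legitimate request.
AUTH_HEADERS = ("authorization", "cookie", "x-session-token")


def is_authenticated(headers: Dict[str, str]) -> bool:
    """True if any credential-bearing header is present and non-empty (case-insensitive)."""
    lowered = {k.lower(): v for k, v in headers.items()}
    return any(lowered.get(h) for h in AUTH_HEADERS)


def from_trusted_net(src_ip: str) -> bool:
    """True if the source address falls inside an allowed management subnet."""
    ip = ipaddress.ip_address(src_ip)
    return any(ip in net for net in TRUSTED_NETS)


def classify(rec: Dict) -> List[str]:
    """Return zero or more tags for one HTTP request record aimed at the device."""
    tags: List[str] = []
    if rec["dst_ip"] not in DEVICE_IPS:
        return tags
    authed = is_authenticated(rec.get("headers", {}))
    if PASSWORD_PATH_RE.search(rec["uri"]) and not authed:
        tags.append("unauth-password-change")      # CVE-2026-24789 pattern
    elif not authed and rec["method"] in ("POST", "PUT"):
        tags.append("unauth-management-write")     # direct URL access, CVE-2026-25084 pattern
    if not from_trusted_net(rec["src_ip"]):
        tags.append("untrusted-source")
    return tags


def detect(records: List[Dict]) -> List[Dict]:
    """Emit one alert per tagged record, plus a correlation alert per source hitting both CVEs."""
    alerts: List[Dict] = []
    seen: Dict[str, set] = {}  # src_ip -> union of tags, for cross-CVE correlation
    for rec in records:
        tags = classify(rec)
        if not tags:
            continue
        seen.setdefault(rec["src_ip"], set()).update(tags)
        severity = "critical" if "unauth-password-change" in tags else "medium"
        alerts.append({"src_ip": rec["src_ip"], "uri": rec["uri"],
                       "tags": tags, "severity": severity})
    for src, tags in seen.items():
        if {"unauth-password-change", "unauth-management-write"} <= tags:
            alerts.append({"src_ip": src, "uri": "*",
                           "tags": ["correlated-both-cves"], "severity": "critical"})
    return alerts


# Constructed sample traffic for the example; these are not real captures.
SAMPLE = [
    {"src_ip": "10.0.9.15", "dst_ip": "10.0.5.20", "method": "POST", "uri": "/api/password",
     "headers": {"Authorization": "Basic YWRtaW46c2VjcmV0"}},  # admin on trusted net, authenticated
    {"src_ip": "203.0.113.7", "dst_ip": "10.0.5.20", "method": "POST", "uri": "/api/password?new=x",
     "headers": {"User-Agent": "curl/8.0"}},                   # password change, no credential
    {"src_ip": "203.0.113.7", "dst_ip": "10.0.5.20", "method": "POST", "uri": "/api/config",
     "headers": {}},                                           # unauthenticated management write
    {"src_ip": "203.0.113.9", "dst_ip": "10.0.5.21", "method": "POST", "uri": "/api/password",
     "headers": {}},                                           # different host, not monitored
]

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

Feed `detect` records parsed from whatever layer sees the device's HTTP traffic (a reverse proxy log, Zeek's http.log, or an IDS export); the record shape above is the only contract. Because no patch exists, an alert on an authenticated password change from an untrusted source is still worth reviewing, which is why the untrusted-source tag is applied independently of the authentication check.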
CVSS provenance
- NVD, CVSS v3.1: 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- NVD, CVSS v4.0: 9.3 CRITICAL, CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CISA ICS Advisory (cisa_ics, 2026-02-10, CVSS 9.8, CRITICAL)
ZLAN Information Technology Co. ZLAN5143D
Release Date: February 10, 2026
Alert Code: ICSA-26-041-02
Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems
## Summary
Successful exploitation of these vulnerabilities could result in an attacker bypassing authentication, or resetting the device password.
The following versions of ZLAN Information Technology Co. ZLAN5143D are affected:
- ZLAN5143D v1.600 (CVE-2026-25084, CVE-2026-24789)
| CVSS | Vendor | Equipment | Vulnerabilities |
|---|---|---|---|
| v3 9.8 | ZLAN Information Technology Co. | ZLAN5143D | Missing Authentication for Critical Function |
## Background
- Critical Infrastructure Sectors: Critical Manufacturing
- Countries/Areas Deployed:
GHSA
GHSA-r6ff-p4vx-28hv (ghsa_unreviewed, published 2026-02-11): CVE-2026-24789, CRITICAL, CWE-306
An unprotected API endpoint allows an attacker to remotely change the device password without providing authentication.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2026-02-11