Zyxel Emg6726-B10A Firmware vulnerabilities

CVE-2025-13942 [CRITICAL] CWE-78 CVE-2025-13942: A command injection vulnerability in the UPnP function of the Zyxel EX3510-B0 firmware versions thro A command injection vulnerability in the UPnP function of the Zyxel EX3510-B0 firmware versions through 5.17(ABUP.15.1)C0 could allow a remote attacker to execute operating system (OS) commands on an affected device by sending specially crafted UPnP SOAP requests.

CVE-2025-13943 [HIGH] CWE-78 CVE-2025-13943: A post-authentication command injection vulnerability in the log file download function of the Zyxel A post-authentication command injection vulnerability in the log file download function of the Zyxel EX3301-T0 firmware versions through 5.50(ABVY.7)C0 could allow an authenticated attacker to execute operating system (OS) commands on an affected device.

CVE-2025-6599 [MEDIUM] CWE-400 CVE-2025-6599: An uncontrolled resource consumption vulnerability in the web server of Zyxel DX3301-T0 firmware ver An uncontrolled resource consumption vulnerability in the web server of Zyxel DX3301-T0 firmware version 5.50(ABVY.6.3)C0 and earlier could allow an attacker to perform Slowloris‑style denial‑of‑service (DoS) attacks. Such attacks may temporarily block legitimate HTTP requests and partially disrupt access to the web management interface, while other n

CVE-2025-7673 [CRITICAL] CWE-120 CVE-2025-7673: A buffer overflow vulnerability in the URL parser of the zhttpd web server in Zyxel VMG8825-T50K fir A buffer overflow vulnerability in the URL parser of the zhttpd web server in Zyxel VMG8825-T50K firmware versions prior to V5.50(ABOM.5)C0 could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and potentially execute arbitrary code by sending a specially crafted HTTP request.

CVE-2024-8748 [HIGH] CWE-120 CVE-2024-8748: A buffer overflow vulnerability in the packet parser of the third-party library "libclinkc" in Zyxel A buffer overflow vulnerability in the packet parser of the third-party library "libclinkc" in Zyxel VMG8825-T50K firmware versions through V5.50(ABOM.8.4)C0 could allow an attacker to cause a temporary denial of service (DoS) condition against the web management interface by sending a crafted HTTP POST request to a vulnerable device.

CVE-2024-9200 [HIGH] CWE-78 CVE-2024-9200: A post-authentication command injection vulnerability in the "host" parameter of the diagnostic func A post-authentication command injection vulnerability in the "host" parameter of the diagnostic function in Zyxel VMG4005-B50A firmware versions through V5.15(ABQA.2.2)C0 could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device.

CVE-2022-26413 [HIGH] CWE-78 CVE-2022-26413: A command injection vulnerability in the CGI program of Zyxel VMG3312-T20A firmware version 5.30(ABF A command injection vulnerability in the CGI program of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0 could allow a local authenticated attacker to execute arbitrary OS commands on a vulnerable device via a LAN interface.

CVE-2022-26414 [MEDIUM] CWE-120 CVE-2022-26414: A potential buffer overflow vulnerability was identified in some internal functions of Zyxel VMG3312 A potential buffer overflow vulnerability was identified in some internal functions of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0, which could be exploited by a local authenticated attacker to cause a denial of service.