Zyxel Ex2210-T0 Firmware vulnerabilities
7 known vulnerabilities affecting zyxel/ex2210-t0_firmware.
Total CVEs
7
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH2MEDIUM4
Vulnerabilities
Page 1 of 1
CVE-2025-13942CRITICALCVSS 9.8fixed in 5.50\(acdi.2.4\)c02026-02-24
CVE-2025-13942 [CRITICAL] CWE-78 CVE-2025-13942: A command injection vulnerability in the UPnP function of the Zyxel EX3510-B0 firmware versions thro
A command injection vulnerability in the UPnP function of the Zyxel EX3510-B0 firmware versions through 5.17(ABUP.15.1)C0 could allow a remote attacker to execute operating system (OS) commands on an affected device by sending specially crafted UPnP SOAP requests.
nvd
CVE-2025-13943HIGHCVSS 8.8fixed in 5.50\(acdi.2.3\)c02026-02-24
CVE-2025-13943 [HIGH] CWE-78 CVE-2025-13943: A post-authentication command injection vulnerability in the log file download function of the Zyxel
A post-authentication command injection vulnerability in the log file download function of the Zyxel EX3301-T0 firmware versions through 5.50(ABVY.7)C0 could allow an authenticated attacker to execute operating system (OS) commands on an affected device.
nvd
CVE-2025-11846MEDIUMCVSS 4.9fixed in 5.50\(acdi.2.3\)c02026-02-24
CVE-2025-11846 [MEDIUM] CWE-476 CVE-2025-11846: A null pointer dereference vulnerability in the account settings CGI program of the Zyxel VMG3625-T5
A null pointer dereference vulnerability in the account settings CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HT
nvd
CVE-2025-11845MEDIUMCVSS 4.9fixed in 5.50\(acdi.2.3\)c02026-02-24
CVE-2025-11845 [MEDIUM] CWE-476 CVE-2025-11845: A null pointer dereference vulnerability in the certificate downloader CGI program of the Zyxel VMG3
A null pointer dereference vulnerability in the certificate downloader CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a craf
nvd
CVE-2025-11847MEDIUMCVSS 4.9fixed in 5.50\(acdi.2.3\)c02026-02-24
CVE-2025-11847 [MEDIUM] CWE-476 CVE-2025-11847: A null pointer dereference vulnerability in the IP settings CGI program of the Zyxel VMG3625-T50B fi
A null pointer dereference vulnerability in the IP settings CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP re
nvd
CVE-2025-11848MEDIUMCVSS 4.9fixed in 5.50\(acdi.2.3\)c02026-02-24
CVE-2025-11848 [MEDIUM] CWE-476 CVE-2025-11848: A null pointer dereference vulnerability in the Wake-on-LAN CGI program of the Zyxel VMG3625-T50B fi
A null pointer dereference vulnerability in the Wake-on-LAN CGI program of the Zyxel VMG3625-T50B firmware version through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP req
nvd
CVE-2024-8748HIGHCVSS 7.5fixed in 5.50\(acdi.2\)c02024-12-03
CVE-2024-8748 [HIGH] CWE-120 CVE-2024-8748: A buffer overflow vulnerability in the packet parser of the third-party library "libclinkc" in Zyxel
A buffer overflow vulnerability in the packet parser of the third-party library "libclinkc" in Zyxel VMG8825-T50K firmware versions through V5.50(ABOM.8.4)C0 could allow an attacker to cause a temporary denial of service (DoS) condition against the web management interface by sending a crafted HTTP POST request to a vulnerable device.
nvd