Zyxel Ex3510-B0 Firmware vulnerabilities

22 known vulnerabilities affecting zyxel/ex3510-b0_firmware.

Total CVEs: 22
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 8, MEDIUM 12

Vulnerabilities

Page 1 of 2
CVE-2025-13942 | CRITICAL | CVSS 9.8 | fixed in 5.17(abup.15.2)c0 | ≤ 5.17(ABUP.15.1)C0 | 2026-02-24
CVE-2025-13942 [CRITICAL] CWE-78: A command injection vulnerability in the UPnP function of the Zyxel EX3510-B0 firmware versions through 5.17(ABUP.15.1)C0 could allow a remote attacker to execute operating system (OS) commands on an affected device by sending specially crafted UPnP SOAP requests.
Sources: cvelistv5, nvd
CVE-2025-13943 | HIGH | CVSS 8.8 | fixed in 5.17(abup.15.2)c0 | 2026-02-24
CVE-2025-13943 [HIGH] CWE-78: A post-authentication command injection vulnerability in the log file download function of the Zyxel EX3301-T0 firmware versions through 5.50(ABVY.7)C0 could allow an authenticated attacker to execute operating system (OS) commands on an affected device.
Source: nvd
CVE-2025-11846 | MEDIUM | CVSS 4.9 | fixed in 5.17(abup.15.2)c0 | 2026-02-24
CVE-2025-11846 [MEDIUM] CWE-476: A null pointer dereference vulnerability in the account settings CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HT
Source: nvd
CVE-2025-11845 | MEDIUM | CVSS 4.9 | fixed in 5.17(abup.15.2)c0 | 2026-02-24
CVE-2025-11845 [MEDIUM] CWE-476: A null pointer dereference vulnerability in the certificate downloader CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a craf
Source: nvd
CVE-2025-11847 | MEDIUM | CVSS 4.9 | fixed in 5.17(abup.15.2)c0 | 2026-02-24
CVE-2025-11847 [MEDIUM] CWE-476: A null pointer dereference vulnerability in the IP settings CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP re
Source: nvd
CVE-2025-11848 | MEDIUM | CVSS 4.9 | fixed in 5.17(abup.15.2)c0 | 2026-02-24
CVE-2025-11848 [MEDIUM] CWE-476: A null pointer dereference vulnerability in the Wake-on-LAN CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP req
Source: nvd
CVE-2025-8693 | HIGH | CVSS 8.8 | ≤ 5.17(abup.15)c0 | 2025-11-18
CVE-2025-8693 [HIGH] CWE-78: A post-authentication command injection vulnerability in the "priv" parameter of Zyxel DX3300-T0 firmware version 5.50(ABVY.6.3)C0 and earlier could allow an authenticated attacker to execute operating system (OS) commands on an affected device.
Source: nvd
CVE-2025-7673 | CRITICAL | CVSS 9.8 | fixed in 5.17(abup.3)c0 | 2025-07-16
CVE-2025-7673 [CRITICAL] CWE-120: A buffer overflow vulnerability in the URL parser of the zhttpd web server in Zyxel VMG8825-T50K firmware versions prior to V5.50(ABOM.5)C0 could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and potentially execute arbitrary code by sending a specially crafted HTTP request.
Source: nvd
CVE-2024-12009 | HIGH | CVSS 7.2 | ≤ 5.17(abup.13)c0 | 2025-03-11
CVE-2024-12009 [HIGH] CWE-78: A post-authentication command injection vulnerability in the "ZyEE" function of the Zyxel EX5601-T1 firmware version V5.70(ACDZ.3.6)C0 and earlier could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device.
Source: nvd
CVE-2024-12010 | HIGH | CVSS 7.2 | ≤ 5.17(abup.13)c0 | 2025-03-11
CVE-2024-12010 [HIGH] CWE-78: A post-authentication command injection vulnerability in the "zyUtilMailSend" function of the Zyxel AX7501-B1 firmware version V5.17(ABPC.5.3)C0 and earlier could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device.
Source: nvd
CVE-2024-8748 | HIGH | CVSS 7.5 | fixed in 5.17(abup.13)c0 | 2024-12-03
CVE-2024-8748 [HIGH] CWE-120: A buffer overflow vulnerability in the packet parser of the third-party library "libclinkc" in Zyxel VMG8825-T50K firmware versions through V5.50(ABOM.8.4)C0 could allow an attacker to cause a temporary denial of service (DoS) condition against the web management interface by sending a crafted HTTP POST request to a vulnerable device.
Source: nvd
CVE-2024-9197 | MEDIUM | CVSS 4.9 | fixed in 5.17(abup.13)c0 | 2024-12-03
CVE-2024-9197 [MEDIUM] CWE-120: A post-authentication buffer overflow vulnerability in the parameter "action" of the CGI program in Zyxel VMG3625-T50B firmware versions through V5.50(ABPM.9.2)C0 could allow an authenticated attacker with administrator privileges to cause a temporary denial of service (DoS) condition against the web management interface by sending a crafted HTTP GET r
Source: nvd
CVE-2024-38268 | MEDIUM | CVSS 4.9 | fixed in 5.17(abup.12)c0 | 2024-09-24
CVE-2024-38268 [MEDIUM] CWE-119: An improper restriction of operations within the bounds of a memory buffer in the MAC address parser of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authenticated attacker with administrator privileges to cause potential memory corruptions, resulting in a thread crash on an affected device.
Source: nvd
CVE-2024-38266 | MEDIUM | CVSS 4.9 | fixed in 5.17(abup.11)c0 | 2024-09-24
CVE-2024-38266 [MEDIUM] CWE-119: An improper restriction of operations within the bounds of a memory buffer in the parameter type parser of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authenticated attacker with administrator privileges to cause potential memory corruptions, resulting in a thread crash on an affected device.
Source: nvd
CVE-2024-38267 | MEDIUM | CVSS 4.9 | fixed in 5.17(abup.12)c0 | 2024-09-24
CVE-2024-38267 [MEDIUM] CWE-119: An improper restriction of operations within the bounds of a memory buffer in the IPv6 address parser of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authenticated attacker with administrator privileges to cause potential memory corruptions, resulting in a thread crash on an affected device.
Source: nvd
CVE-2024-38269 | MEDIUM | CVSS 4.9 | fixed in 5.17(abup.12)c0 | 2024-09-24
CVE-2024-38269 [MEDIUM] CWE-119: An improper restriction of operations within the bounds of a memory buffer in the USB file-sharing handler of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authenticated attacker with administrator privileges to cause potential memory corruptions, resulting in a thread crash on an affected device.
Source: nvd
CVE-2024-5412 | HIGH | CVSS 7.5 | fixed in 5.17(abup.12)b2 | 2024-09-03
CVE-2024-5412 [HIGH] CWE-120: A buffer overflow vulnerability in the library "libclinkc" of the Zyxel VMG8825-T50K firmware version 5.50(ABOM.8)C0 could allow an unauthenticated attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device.
Source: nvd
CVE-2022-43390 | HIGH | CVSS 8.8 | fixed in 5.17(abup.7)c0 | 2023-01-11
CVE-2022-43390 [MEDIUM] CWE-78: A command injection vulnerability in the CGI program of Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to execute some OS commands on a vulnerable device by sending a crafted HTTP request.
Source: nvd
CVE-2022-43391 | MEDIUM | CVSS 6.5 | fixed in 5.17(abup.7)c0 | 2023-01-11
CVE-2022-43391 [MEDIUM] CWE-120: A buffer overflow vulnerability in the parameter of the CGI program in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted HTTP request.
Source: nvd
CVE-2022-43392 | MEDIUM | CVSS 6.5 | fixed in 5.17(abup.7)c0 | 2023-01-11
CVE-2022-43392 [MEDIUM] CWE-120: A buffer overflow vulnerability in the parameter of web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted authorization request.
Source: nvd