Zyxel Pm5100-T1 Firmware vulnerabilities
5 known vulnerabilities affecting zyxel/pm5100-t1_firmware.
Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM4
Vulnerabilities
Page 1 of 1
CVE-2025-13943HIGHCVSS 8.8fixed in 5.42\(acbf.4.1\)c02026-02-24
CVE-2025-13943 [HIGH] CWE-78 CVE-2025-13943: A post-authentication command injection vulnerability in the log file download function of the Zyxel
A post-authentication command injection vulnerability in the log file download function of the Zyxel EX3301-T0 firmware versions through 5.50(ABVY.7)C0 could allow an authenticated attacker to execute operating system (OS) commands on an affected device.
nvd
CVE-2025-11846MEDIUMCVSS 4.9fixed in 5.42\(acbf.4.1\)c02026-02-24
CVE-2025-11846 [MEDIUM] CWE-476 CVE-2025-11846: A null pointer dereference vulnerability in the account settings CGI program of the Zyxel VMG3625-T5
A null pointer dereference vulnerability in the account settings CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HT
nvd
CVE-2025-11845MEDIUMCVSS 4.9fixed in 5.42\(acbf.4.1\)c02026-02-24
CVE-2025-11845 [MEDIUM] CWE-476 CVE-2025-11845: A null pointer dereference vulnerability in the certificate downloader CGI program of the Zyxel VMG3
A null pointer dereference vulnerability in the certificate downloader CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a craf
nvd
CVE-2025-11847MEDIUMCVSS 4.9fixed in 5.42\(acbf.4.1\)c02026-02-24
CVE-2025-11847 [MEDIUM] CWE-476 CVE-2025-11847: A null pointer dereference vulnerability in the IP settings CGI program of the Zyxel VMG3625-T50B fi
A null pointer dereference vulnerability in the IP settings CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP re
nvd
CVE-2025-11848MEDIUMCVSS 4.9fixed in 5.42\(acbf.4.1\)c02026-02-24
CVE-2025-11848 [MEDIUM] CWE-476 CVE-2025-11848: A null pointer dereference vulnerability in the Wake-on-LAN CGI program of the Zyxel VMG3625-T50B fi
A null pointer dereference vulnerability in the Wake-on-LAN CGI program of the Zyxel VMG3625-T50B firmware version through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP req
nvd