1. Home
  2. Vulnerabilities
  3. CVE-2025-11845
4.9
MEDIUM CVSS 3.1
CVE-2025-11845
Zyxel VMG3625-T50B and WX3100-T0 Null Pointer Dereference Denial-of-Service Vulnerability
Description

A null pointer dereference vulnerability in the certificate downloader CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request.

INFO

Published Date :

Feb. 24, 2026, 2:15 a.m.

Last Modified :

Feb. 25, 2026, 6:10 p.m.

Remotely Exploit :

Yes !

Source :

[email protected]
Affected Products

The following products are affected by CVE-2025-11845 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Zyxel nebula_fwa510_firmware
2 Zyxel nebula_fwa710_firmware
3 Zyxel dx3301-t0_firmware
4 Zyxel dx4510-b1_firmware
5 Zyxel emg3525-t50b_firmware
6 Zyxel emg5523-t50b_firmware
7 Zyxel ex3301-t0_firmware
8 Zyxel ex3510-b0_firmware
9 Zyxel ex5510-b0_firmware
10 Zyxel ex5512-t0_firmware
11 Zyxel ex5601-t0_firmware
12 Zyxel ex5601-t1_firmware
13 Zyxel vmg4005-b50a_firmware
14 Zyxel vmg4005-b60a_firmware
15 Zyxel vmg8623-t50b_firmware
16 Zyxel pm3100-t0_firmware
17 Zyxel pm5100-t0_firmware
18 Zyxel pm7300-t0_firmware
19 Zyxel wx3100-t0_firmware
20 Zyxel wx5600-t0_firmware
21 Zyxel lte3301-plus_firmware
22 Zyxel nebula_lte3301-plus_firmware
23 Zyxel vmg3625-t50b_firmware
24 Zyxel nebula_lte3301-plus
25 Zyxel nebula_fwa505_firmware
26 Zyxel nebula_fwa505
27 Zyxel nebula_fwa710
28 Zyxel nebula_fwa510
29 Zyxel wx5600-t0
30 Zyxel wx3100-t0
31 Zyxel px3321-t1_firmware
32 Zyxel px3321-t1
33 Zyxel pm7300-t0
34 Zyxel pm5100-t0
35 Zyxel pm3100-t0
36 Zyxel ax7501-b1_firmware
37 Zyxel ax7501-b1
38 Zyxel vmg8623-t50b
39 Zyxel vmg4005-b60a
40 Zyxel vmg4005-b50a
41 Zyxel vmg3625-t50b
42 Zyxel emg5523-t50b
43 Zyxel emg3525-t50b
44 Zyxel ex7710-b0_firmware
45 Zyxel ex7710-b0
46 Zyxel ex7501-b0_firmware
47 Zyxel ex7501-b0
48 Zyxel ex5601-t1
49 Zyxel ex5601-t0
50 Zyxel ex5512-t0
51 Zyxel ex5510-b0
52 Zyxel ex5401-b1_firmware
53 Zyxel ex5401-b1
54 Zyxel ex3510-b0
55 Zyxel ex3501-t0_firmware
56 Zyxel ex3501-t0
57 Zyxel ex3500-t0_firmware
58 Zyxel ex3500-t0
59 Zyxel ex3301-t0
60 Zyxel ex3300-t1_firmware
61 Zyxel ex3300-t1
62 Zyxel ex3300-t0_firmware
63 Zyxel ex3300-t0
64 Zyxel dx5401-b1_firmware
65 Zyxel dx5401-b1
66 Zyxel dx4510-b0_firmware
67 Zyxel dx4510-b0
68 Zyxel dx3301-t0
69 Zyxel dx3300-t1_firmware
70 Zyxel dx3300-t1
71 Zyxel dx3300-t0_firmware
72 Zyxel dx3300-t0
73 Zyxel ex3600-t0_firmware
74 Zyxel ex3600-t0
75 Zyxel ex3510-b1_firmware
76 Zyxel ex3510-b1
77 Zyxel dx4510-b1
78 Zyxel lte3301-plus
79 Zyxel ee6510-10_firmware
80 Zyxel ee6510-10
81 Zyxel ex2210-t0_firmware
82 Zyxel ex2210-t0
83 Zyxel px5301-t0_firmware
84 Zyxel px5301-t0
85 Zyxel wx3401-b1_firmware
86 Zyxel wx3401-b1
87 Zyxel wx5610-b0_firmware
88 Zyxel wx5610-b0
89 Zyxel ee3301-00_firmware
90 Zyxel ee3301-00
91 Zyxel ee5301-00_firmware
92 Zyxel ee5301-00
93 Zyxel gm4100-b0_firmware
94 Zyxel gm4100-b0
95 Zyxel pe3301-00_firmware
96 Zyxel pe3301-00
97 Zyxel pe5301-01_firmware
98 Zyxel pe5301-01
99 Zyxel pm7500-00_firmware
100 Zyxel pm7500-00
101 Zyxel we3300-00_firmware
102 Zyxel we3300-00
103 Zyxel nebula_fwa515_firmware
104 Zyxel nebula_fwa515
105 Zyxel scr_50axe_firmware
106 Zyxel scr_50axe
107 Zyxel pm5100-t1_firmware
108 Zyxel pm5100-t1
: Total Affected Vendor : 1 | Products : 108
CVSS Scores
The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and displays CVSS scores from various sources for each CVE.
Score Version Severity Vector Exploitability Score Impact Score Source
CVSS 3.1 MEDIUM 96e50032-ad0d-4058-a115-4d2c13821f9f
CVSS 3.1 MEDIUM [email protected]
CVSS 3.1 MEDIUM [email protected]
Solution
Update firmware to patch null pointer dereference in certificate downloader CGI program.
  • Update Zyxel VMG3625-T50B firmware to version 5.50(ABPM.9.6)C0 or later.
  • Update Zyxel WX3100-T0 firmware to version 5.50(ABVL.4.8)C0 or later.
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2025-11845.

URL Resource
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-null-pointer-dereference-and-command-injection-vulnerabilities-in-certain-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-security-routers-and-wireless-extenders-02-24-2026 Vendor Advisory
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2025-11845 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2025-11845 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2025-11845 vulnerability anywhere in the article.

  • Daily CyberSecurity
Total Takeover: Critical Zyxel Flaw (CVSS 9.8) Exposes Routers to Remote Command Injection

Networking giant Zyxel has rolled out a wave of urgent security patches addressing multiple vulnerabilities across its fleet of 4G LTE/5G NR CPEs, DSL/Ethernet routers, Fiber ONTs, and Wireless Extend ... Read more

Published Date: Feb 25, 2026 (21 hours, 48 minutes ago)

Results are limited to the first 20 news articles due to potential performance issues.

The following table lists the changes that have been made to the CVE-2025-11845 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Initial Analysis by [email protected]

    Feb. 25, 2026

    Action Type Old Value New Value
    Added CVSS V3.1 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
    Added CPE Configuration AND OR *cpe:2.3:o:zyxel:lte3301-plus_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.00(abqu.9)c0 OR cpe:2.3:h:zyxel:lte3301-plus:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:zyxel:nebula_fwa505_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.60(acko.2)v0 OR cpe:2.3:h:zyxel:nebula_fwa505:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:zyxel:nebula_fwa510_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.60(acgd.0)c0 OR cpe:2.3:h:zyxel:nebula_fwa510:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:zyxel:nebula_fwa515_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.60(acpz.0)v0 OR cpe:2.3:h:zyxel:nebula_fwa515:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:zyxel:nebula_fwa710_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.60(acgc.1)v0 OR cpe:2.3:h:zyxel:nebula_fwa710:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:zyxel:ee5301-00_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.63(acld.2.1)c0 OR cpe:2.3:h:zyxel:ee5301-00:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:zyxel:ee3301-00_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.63(acmu.2.1)c0 OR cpe:2.3:h:zyxel:ee3301-00:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:zyxel:dx5401-b1_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.17(abyo.7.1)c0 OR cpe:2.3:h:zyxel:dx5401-b1:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:zyxel:dx4510-b1_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.17(abyl.10.1)c0 OR cpe:2.3:h:zyxel:dx4510-b1:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:zyxel:dx4510-b0_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.17(abyl.10.1)c0 OR cpe:2.3:h:zyxel:dx4510-b0:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:zyxel:dx3301-t0_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.50(abvy.7.1)c0 OR cpe:2.3:h:zyxel:dx3301-t0:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:zyxel:dx3300-t1_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.50(abvy.7.1)c0 OR cpe:2.3:h:zyxel:dx3300-t1:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:zyxel:dx3300-t0_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.50(abvy.7.1)c0 OR cpe:2.3:h:zyxel:dx3300-t0:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:zyxel:nebula_lte3301-plus_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.18(acca.6)v0 OR cpe:2.3:h:zyxel:nebula_lte3301-plus:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:zyxel:ee6510-10_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.19(acjq.4.1)c0 OR cpe:2.3:h:zyxel:ee6510-10:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:zyxel:emg3525-t50b_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.50(abpm.9.7)c0 OR cpe:2.3:h:zyxel:emg3525-t50b:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:zyxel:emg5523-t50b_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.50(abpm.9.7)c0 OR cpe:2.3:h:zyxel:emg5523-t50b:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:zyxel:ex2210-t0_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.50(acdi.2.3)c0 OR cpe:2.3:h:zyxel:ex2210-t0:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:zyxel:ex3300-t0_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.50(abvy.7.1)c0 OR cpe:2.3:h:zyxel:ex3300-t0:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:zyxel:ex3300-t1_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.50(abvy.7.1)c0 OR cpe:2.3:h:zyxel:ex3300-t1:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:zyxel:ex3301-t0_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.50(abvy.7.1)c0 OR cpe:2.3:h:zyxel:ex3301-t0:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:zyxel:ex3500-t0_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.44(achr.5.1)c0 OR cpe:2.3:h:zyxel:ex3500-t0:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:zyxel:ex3501-t0_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.44(achr.5.1)c0 OR cpe:2.3:h:zyxel:ex3501-t0:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:zyxel:ex3510-b0_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.17(abup.15.2)c0 OR cpe:2.3:h:zyxel:ex3510-b0:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:zyxel:ex3510-b1_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.17(abup.15.2)c0 OR cpe:2.3:h:zyxel:ex3510-b1:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:zyxel:ex3600-t0_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.70(acif.2.1)c0 OR cpe:2.3:h:zyxel:ex3600-t0:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:zyxel:ex5401-b1_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.17(abyo.7.1)c0 OR cpe:2.3:h:zyxel:ex5401-b1:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:zyxel:ex5510-b0_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.17(abqx.11.1)c0 OR cpe:2.3:h:zyxel:ex5510-b0:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:zyxel:ex5512-t0_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.70(aceg.5.3)c0 OR cpe:2.3:h:zyxel:ex5512-t0:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:zyxel:ex5601-t0_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.70(acdz.5.1)c0 OR cpe:2.3:h:zyxel:ex5601-t0:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:zyxel:ex5601-t1_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.70(acdz.5.1)c0 OR cpe:2.3:h:zyxel:ex5601-t1:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:zyxel:ex7501-b0_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.18(achn.3.1)c0 OR cpe:2.3:h:zyxel:ex7501-b0:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:zyxel:ex7710-b0_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.18(acak.1.6)c0 OR cpe:2.3:h:zyxel:ex7710-b0:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:zyxel:gm4100-b0_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.18(accl.2)c0 OR cpe:2.3:h:zyxel:gm4100-b0:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:zyxel:pm7500-00_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.61(ackk.1.2)c0 OR cpe:2.3:h:zyxel:pm7500-00:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:zyxel:vmg3625-t50b_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.50(abpm.9.7)c0 OR cpe:2.3:h:zyxel:vmg3625-t50b:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:zyxel:vmg4005-b50a_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.17(abqa.3.2)c0 OR cpe:2.3:h:zyxel:vmg4005-b50a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:zyxel:vmg4005-b60a_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.17(abqa.3.2)c0 OR cpe:2.3:h:zyxel:vmg4005-b60a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:zyxel:ax7501-b1_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.17(abpc.7.1)c0 OR cpe:2.3:h:zyxel:ax7501-b1:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:zyxel:pe3301-00_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.63(acmt.2.1)c0 OR cpe:2.3:h:zyxel:pe3301-00:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:zyxel:pe5301-01_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.63(acoj.2.1)c0 OR cpe:2.3:h:zyxel:pe5301-01:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:zyxel:pm3100-t0_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.42(acbf.4.1)c0 OR cpe:2.3:h:zyxel:pm3100-t0:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:zyxel:pm5100-t0_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.42(acbf.4.1)c0 OR cpe:2.3:h:zyxel:pm5100-t0:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:zyxel:pm5100-t1_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.42(acbf.4.1)c0 OR cpe:2.3:h:zyxel:pm5100-t1:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:zyxel:pm7300-t0_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.42(abyy.4.1)c0 OR cpe:2.3:h:zyxel:pm7300-t0:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:zyxel:px3321-t1_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.44(achk.3)c0 OR cpe:2.3:h:zyxel:px3321-t1:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:zyxel:px3321-t1_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.44(acjb.1.5)c0 OR cpe:2.3:h:zyxel:px3321-t1:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:zyxel:px5301-t0_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.44(ackb.0.6)c0 OR cpe:2.3:h:zyxel:px5301-t0:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:zyxel:scr_50axe_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.30(acgn.0)c0 OR cpe:2.3:h:zyxel:scr_50axe:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:zyxel:vmg8623-t50b_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.50(abpm.9.7)c0 OR cpe:2.3:h:zyxel:vmg8623-t50b:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:zyxel:we3300-00_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.70(acka.1.1)c0 OR cpe:2.3:h:zyxel:we3300-00:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:zyxel:wx3100-t0_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.50(abvl.4.9)c0 OR cpe:2.3:h:zyxel:wx3100-t0:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:zyxel:wx3401-b1_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.17(abve.2.10)c0 OR cpe:2.3:h:zyxel:wx3401-b1:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:zyxel:wx5600-t0_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.70(aceb.5.1)c0 OR cpe:2.3:h:zyxel:wx5600-t0:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:zyxel:wx5610-b0_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.18(acgj.0.5)c0 OR cpe:2.3:h:zyxel:wx5610-b0:-:*:*:*:*:*:*:*
    Added Reference Type Zyxel Corporation: https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-null-pointer-dereference-and-command-injection-vulnerabilities-in-certain-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-security-routers-and-wireless-extenders-02-24-2026 Types: Vendor Advisory
  • New CVE Received by [email protected]

    Feb. 24, 2026

    Action Type Old Value New Value
    Added Description A null pointer dereference vulnerability in the certificate downloader CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request.
    Added CVSS V3.1 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
    Added CWE CWE-476
    Added Reference https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-null-pointer-dereference-and-command-injection-vulnerabilities-in-certain-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-security-routers-and-wireless-extenders-02-24-2026
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
Vulnerability Scoring Details
Base CVSS Score: 4.9
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact