CVE-2025-11845

MEDIUM
2026-02-24 [email protected]
4.9
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:55 vuln.today
CVE Published
Feb 24, 2026 - 02:15 nvd
MEDIUM 4.9

Tags

Zyxel Null Pointer Dereference Gm4100 B0 Firmware Emg3525 T50b Firmware Scr 50axe Firmware Nebula Fwa505 Firmware Ex5512 T0 Firmware Pm7300 T0 Firmware Pe3301 00 Firmware Vmg3625 T50b Firmware Ex3300 T1 Firmware Vmg4005 B60a Firmware Ex3301 T0 Firmware Ex3510 B1 Firmware Pm3100 T0 Firmware Nebula Fwa510 Firmware We3300 00 Firmware Dx3301 T0 Firmware Ex3600 T0 Firmware Ex5401 B1 Firmware Pe5301 01 Firmware Ee5301 00 Firmware Ex7710 B0 Firmware Wx3100 T0 Firmware Dx3300 T1 Firmware Ee6510 10 Firmware Ex5601 T0 Firmware Px5301 T0 Firmware Dx5401 B1 Firmware Ex3500 T0 Firmware Nebula Fwa515 Firmware Pm5100 T1 Firmware Vmg4005 B50a Firmware Ex3510 B0 Firmware Px3321 T1 Firmware Ee3301 00 Firmware Pm7500 00 Firmware Pm5100 T0 Firmware Wx3401 B1 Firmware Dx4510 B0 Firmware Vmg8623 T50b Firmware Nebula Fwa710 Firmware Ex5510 B0 Firmware Nebula Lte3301 Plus Firmware Lte3301 Plus Firmware Ex2210 T0 Firmware Dx4510 B1 Firmware Dx3300 T0 Firmware Ex7501 B0 Firmware Wx5610 B0 Firmware Ex3501 T0 Firmware Ex3300 T0 Firmware Emg5523 T50b Firmware Ax7501 B1 Firmware Wx5600 T0 Firmware Ex5601 T1 Firmware

Description

A null pointer dereference vulnerability in the certificate downloader CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request.

Analysis

A null pointer dereference vulnerability in the certificate downloader CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request. [CVSS 4.9 MEDIUM]

Technical Context

Classified as CWE-476 (NULL Pointer Dereference). Affects Lte3301-Plus Firmware. A null pointer dereference vulnerability in the certificate downloader CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request.

Affected Products

Vendor: Zyxel. Product: Lte3301-Plus Firmware. Versions: up to 5.50.

Remediation

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

Priority Score

25
Low Medium High Critical
KEV: 0
EPSS: +0.1
CVSS: +24
POC: 0

Share

CVE-2025-11845 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy