How to fix CVE-2025-11846?

Within 30 days: Identify affected systems running the account settings CGI program of the Zyxel VMG3625-T50B f and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Is Null Pointer Dereference affected by CVE-2025-11846?

Organizations using the account settings CGI program of the Zyxel VMG3625-T50B firmware should be aware of moderate risk from CVE-2025-11846, a null pointer dereference vulnerability rated CVSS 4.9. Exploitation could compromise the security of affected deployments.

CVE-2025-11846

MEDIUM

2026-02-24 [email protected]

4.9

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

CVE Published

Feb 24, 2026 - 02:16 nvd

MEDIUM 4.9

Tags

Zyxel Null Pointer Dereference Ex5512 T0 Firmware Emg5523 T50b Firmware Ex5601 T0 Firmware Nebula Fwa515 Firmware Ex3300 T0 Firmware Vmg3625 T50b Firmware Wx5600 T0 Firmware Ee6510 10 Firmware Pm5100 T0 Firmware Dx3300 T0 Firmware Nebula Fwa505 Firmware Dx4510 B0 Firmware Ex3501 T0 Firmware Wx3401 B1 Firmware Ax7501 B1 Firmware Ex3510 B1 Firmware Ee5301 00 Firmware Vmg8623 T50b Firmware Nebula Lte3301 Plus Firmware Ex2210 T0 Firmware Ex3510 B0 Firmware Pm5100 T1 Firmware Ex3301 T0 Firmware Ex5510 B0 Firmware Nebula Fwa510 Firmware Ex5401 B1 Firmware Ex7501 B0 Firmware Nebula Fwa710 Firmware Dx5401 B1 Firmware Gm4100 B0 Firmware Scr 50axe Firmware Vmg4005 B50a Firmware Pm7300 T0 Firmware Px5301 T0 Firmware Dx4510 B1 Firmware Wx5610 B0 Firmware Wx3100 T0 Firmware We3300 00 Firmware Pm7500 00 Firmware Pm3100 T0 Firmware Ex3300 T1 Firmware Ex3600 T0 Firmware Dx3301 T0 Firmware Emg3525 T50b Firmware Ex5601 T1 Firmware Ee3301 00 Firmware Ex3500 T0 Firmware Ex7710 B0 Firmware Pe5301 01 Firmware Pe3301 00 Firmware Lte3301 Plus Firmware Px3321 T1 Firmware Dx3300 T1 Firmware Vmg4005 B60a Firmware

Description

A null pointer dereference vulnerability in the account settings CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request.

Analysis

Technical Context

Classified as CWE-476 (NULL Pointer Dereference). Affects Lte3301-Plus Firmware. A null pointer dereference vulnerability in the account settings CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request.

Affected Products

Vendor: Zyxel. Product: Lte3301-Plus Firmware. Versions: up to 5.50.

Remediation

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +24

POC: 0

CVE-2025-11846 vulnerability details – vuln.today

Back

CVE-2025-11846

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code