CVE-2025-6599

MEDIUM
2025-11-18 [email protected]
5.3
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

2
Analysis Generated
Mar 28, 2026 - 19:22 vuln.today
CVE Published
Nov 18, 2025 - 02:15 nvd
MEDIUM 5.3

Tags

Denial Of Service Zyxel Lte3301 Plus Firmware Nr5103 Firmware Nr5103E Firmware Nr5309 Firmware Nr7302 Firmware Nr7303 Firmware Nebula Fwa505 Firmware Nebula Fwa510 Firmware Nebula Fwa515 Firmware Nebula Fwa710 Firmware Dm4200 B0 Firmware Dx3300 T0 Firmware Dx3300 T1 Firmware Dx3301 T0 Firmware Dx4510 B1 Firmware Dx5401 B0 Firmware Dx5401 B1 Firmware Ee3301 00 Firmware Ee5301 00 Firmware Ee6510 10 Firmware Ex3300 T0 Firmware Ex3300 T1 Firmware Ex3301 T0 Firmware Ex3500 T0 Firmware Ex3501 T0 Firmware Ex3600 T0 Firmware Ex5401 B0 Firmware Ex5401 B1 Firmware Ex5501 B0 Firmware Ex5510 B0 Firmware Ex5512 T0 Firmware Ex5601 T0 Firmware Ex5601 T1 Firmware Ex7501 B0 Firmware Ex7710 B0 Firmware Emg3525 T50b Firmware Emg5523 T50b Firmware Emg5723 T50K Firmware Emg6726 B10a Firmware Gm4100 B0 Firmware Vmg3625 T50b Firmware Vmg3927 B50B Firmware Vmg3927 T50K Firmware Vmg4005 B50a Firmware Vmg4005 B60a Firmware Vmg4005 B50B Firmware Vmg4927 B50a Firmware Vmg8623 T50b Firmware Vmg8825 T50K Firmware Ax7501 B0 Firmware Ax7501 B1 Firmware Pe3301 00 Firmware Pe5301 01 Firmware Pm3100 T0 Firmware Pm5100 T0 Firmware Pm7500 00 Firmware Pm7300 T0 Firmware Px3321 T1 Firmware Px5301 T0 Firmware Scr 50axe Firmware We3300 00 Firmware Wx3100 T0 Firmware Wx3401 B0 Firmware Wx3401 B1 Firmware Wx5600 T0 Firmware Wx5610 B0 Firmware

Description

An uncontrolled resource consumption vulnerability in the web server of Zyxel DX3301-T0 firmware version 5.50(ABVY.6.3)C0 and earlier could allow an attacker to perform Slowloris‑style denial‑of‑service (DoS) attacks. Such attacks may temporarily block legitimate HTTP requests and partially disrupt access to the web management interface, while other networking services remain unaffected.

Analysis

An uncontrolled resource consumption vulnerability in the web server of Zyxel DX3301-T0 firmware version 5.50(ABVY.6.3)C0 and earlier could allow an attacker to perform Slowloris‑style. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical Context

This vulnerability is classified as Uncontrolled Resource Consumption (CWE-400), which allows attackers to cause denial of service by exhausting system resources. An uncontrolled resource consumption vulnerability in the web server of Zyxel DX3301-T0 firmware version 5.50(ABVY.6.3)C0 and earlier could allow an attacker to perform Slowloris‑style denial‑of‑service (DoS) attacks. Such attacks may temporarily block legitimate HTTP requests and partially disrupt access to the web management interface, while other networking services remain unaffected. Affected products include: Zyxel Lte3301-Plus Firmware, Zyxel Nr5103 Firmware, Zyxel Nr5103E Firmware, Zyxel Nr5309 Firmware, Zyxel Nr7302 Firmware. Version information: version 5.50.

Affected Products

Zyxel Lte3301-Plus Firmware, Zyxel Nr5103 Firmware, Zyxel Nr5103E Firmware, Zyxel Nr5309 Firmware, Zyxel Nr7302 Firmware.

Remediation

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement rate limiting, set resource quotas, validate input sizes, use timeouts.

Priority Score

27
Low Medium High Critical
KEV: 0
EPSS: +0.1
CVSS: +26
POC: 0

Share

CVE-2025-6599 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy