Skip to main content

Wre6505 V2 Firmware CVE-2026-6058

| EUVDEUVD-2026-24051 MEDIUM
Improper Encoding or Escaping of Output (CWE-116)
2026-04-21 Zyxel GHSA-xj2v-mgxg-mcm4
5.7
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.7 MEDIUM
AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
CVSS changed
Jul 08, 2026 - 03:37 NVD
4.5 (MEDIUM) 5.7 (MEDIUM)
Analysis Generated
Apr 21, 2026 - 02:10 vuln.today
EUVD ID Assigned
Apr 21, 2026 - 02:00 euvd
EUVD-2026-24051
Analysis Generated
Apr 21, 2026 - 02:00 vuln.today
CVE Published
Apr 21, 2026 - 01:42 nvd
MEDIUM 4.5

DescriptionNVD

UNSUPPORTED WHEN ASSIGNED An improper encoding or escaping vulnerability in the CGI program of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow an adjacent attacker on the WLAN to cause a denial-of-service (DoS) condition in the web management interface by convincing an authenticated administrator to visit the “AP Select” page while a malformed SSID is present.

AnalysisAI

Denial-of-service in Zyxel WRE6505 v2 firmware via improper encoding in the CGI program allows an adjacent WLAN attacker to crash the web management interface by crafting a malformed SSID and convincing an authenticated administrator to visit the 'AP Select' page. CVSS 4.5 (moderate) with attack vector limited to adjacent networks (Wi-Fi range). No public exploit code identified; Zyxel has marked this as unsupported (end-of-life product).

Technical ContextAI

The vulnerability resides in a CGI (Common Gateway Interface) program handling SSID data on the WRE6505 v2 access point range extender. CWE-116 (improper encoding or escaping) indicates the CGI fails to properly sanitize or encode user-supplied SSID input before processing or rendering it in the web interface. When a malformed SSID (likely containing special characters, encoding sequences, or exceeding expected length) is processed by the vulnerable CGI script, it triggers a denial-of-service condition that crashes or hangs the web management daemon. The 'AP Select' page is the specific interface component where the vulnerability manifests, suggesting the SSID enumeration or selection feature fails to handle edge cases in SSID formatting.

RemediationAI

No vendor-released patch is available for this end-of-life product. Remediation options are limited to compensating controls: (1) Restrict Wi-Fi network access to trusted devices only via MAC address filtering - reduces attack surface by preventing untrusted adjacent access but adds administrative overhead and can be bypassed via MAC spoofing. (2) Disable or physically isolate the WRE6505 v2 from production networks and retire it in favor of a supported Zyxel access point - recommended permanent solution. (3) Monitor for unusual SSID broadcast patterns or SSIDs with unusual characters and educate administrators not to click 'AP Select' when unfamiliar SSIDs appear nearby - provides limited protection against social engineering but is not reliable. (4) Implement network segmentation via VLAN to limit the impact of a management interface crash - does not prevent the DoS but isolates the affected device. Consider migration to a currently-supported Zyxel device model with active security maintenance.

Share

CVE-2026-6058 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy