Severity by source
AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
UNSUPPORTED WHEN ASSIGNED An improper restriction of excessive authentication attempts vulnerability in the web management interface of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow an adjacent attacker on the LAN to brute-force the password and bypass authentication.
AnalysisAI
Brute-force password attacks against the web management interface of Zyxel WRE6505 v2 firmware V1.00(ABDV.3)C0 succeed due to improper rate-limiting on authentication attempts, allowing adjacent LAN attackers to bypass authentication and gain administrative access without requiring valid credentials. The vulnerability affects a legacy wireless range extender model marked as end-of-life by Zyxel, with CVSS 6.5 reflecting high confidentiality impact but local network scope.
Technical ContextAI
The WRE6505 v2 is a wireless range extender with an embedded web management interface (typically accessible via HTTP/HTTPS on the local network). The vulnerability stems from CWE-307 (Improper Restriction of Excessive Authentication Attempts), meaning the web service fails to implement account lockout, CAPTCHA challenges, or progressive rate-limiting against repeated failed login attempts. An attacker on the adjacent LAN segment can submit unlimited password guesses without delay penalties, allowing dictionary or brute-force attacks to discover valid administrator credentials. The CPE designation indicates all firmware versions of the WRE6505 v2 product line are affected, though the specific discovered instance was V1.00(ABDV.3)C0.
RemediationAI
No vendor-released patch exists for this end-of-life product. Organizations must implement the following compensating controls: (1) Restrict web management interface access to trusted administrative IPs only using firewall rules or network segmentation - isolate the WRE6505 v2 on a dedicated management VLAN with restricted ingress; (2) Change the default administrator password to a strong, complex password (20+ characters, mixed case, numbers, symbols) to increase brute-force effort to impractical levels; (3) Disable remote management access entirely if not required, and if needed, access the device only via SSH or VPN tunnel rather than direct HTTP/HTTPS; (4) Consider replacing the WRE6505 v2 with a current, supported model from Zyxel or another vendor to eliminate the vulnerability entirely. Network-level detection tools (IDS/IPS) can flag repeated failed authentication attempts to the device and trigger alerts.
A command injection vulnerability was discovered on the Zyxel EMG2926 home router with firmware V1.00(AAQT.4)b8. Rated h
Zyxel VMG4325-B10A legacy DSL CPE contains post-authentication command injection via Telnet management commands, compani
The diagnostic-ping implementation on ZyXEL PMG5318-B20A devices with firmware before 1.00(AANC.2)C0 allows remote attac
The buffer overflow vulnerability in the library “libclinkc.so” of the web server “zhttpd” in Zyxel DX5401-B0 firmware v
Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware vers
A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Pat
ZyXEL PK5001Z devices have zyad5001 as the su password, which makes it easier for remote attackers to obtain root access
A command injection vulnerability in the configuration parser of the Zyxel ATP series firmware versions 5.10 through 5.3
Zyxel NBG6716 V1.00(AAKG.9)C0 devices allow command injection in the ozkerz component because beginIndex and endIndex ar
**UNSUPPORTED WHEN ASSIGNED** Insecure default credentials for the Telnet function in the legacy DSL CPE Zyxel VMG4325-B
Zyxel WRE6505 devices have a default TELNET password of 1234 for the root and admin accounts, which makes it easier for
The sensitive information exposure vulnerability in the CGI “Export_Log” and the binary “zcmd” in Zyxel DX5401-B0 firmwa
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-29375
GHSA-2rgv-5m49-97j4