Severity by source
AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Lifecycle Timeline
5DescriptionNVD
UNSUPPORTED WHEN ASSIGNED An improper encoding or escaping vulnerability in the CGI program of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow an adjacent attacker on the WLAN to cause a denial-of-service (DoS) condition in the web management interface by convincing an authenticated administrator to visit the “AP Select” page while a malformed SSID is present.
AnalysisAI
Denial-of-service in Zyxel WRE6505 v2 firmware via improper encoding in the CGI program allows an adjacent WLAN attacker to crash the web management interface by crafting a malformed SSID and convincing an authenticated administrator to visit the 'AP Select' page. CVSS 4.5 (moderate) with attack vector limited to adjacent networks (Wi-Fi range). No public exploit code identified; Zyxel has marked this as unsupported (end-of-life product).
Technical ContextAI
The vulnerability resides in a CGI (Common Gateway Interface) program handling SSID data on the WRE6505 v2 access point range extender. CWE-116 (improper encoding or escaping) indicates the CGI fails to properly sanitize or encode user-supplied SSID input before processing or rendering it in the web interface. When a malformed SSID (likely containing special characters, encoding sequences, or exceeding expected length) is processed by the vulnerable CGI script, it triggers a denial-of-service condition that crashes or hangs the web management daemon. The 'AP Select' page is the specific interface component where the vulnerability manifests, suggesting the SSID enumeration or selection feature fails to handle edge cases in SSID formatting.
RemediationAI
No vendor-released patch is available for this end-of-life product. Remediation options are limited to compensating controls: (1) Restrict Wi-Fi network access to trusted devices only via MAC address filtering - reduces attack surface by preventing untrusted adjacent access but adds administrative overhead and can be bypassed via MAC spoofing. (2) Disable or physically isolate the WRE6505 v2 from production networks and retire it in favor of a supported Zyxel access point - recommended permanent solution. (3) Monitor for unusual SSID broadcast patterns or SSIDs with unusual characters and educate administrators not to click 'AP Select' when unfamiliar SSIDs appear nearby - provides limited protection against social engineering but is not reliable. (4) Implement network segmentation via VLAN to limit the impact of a management interface crash - does not prevent the DoS but isolates the affected device. Consider migration to a currently-supported Zyxel device model with active security maintenance.
Same weakness CWE-116 – Improper Encoding or Escaping of Output
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-24051
GHSA-xj2v-mgxg-mcm4