Skip to main content

Emg3525 T50b Firmware

18 CVEs product

Monthly

CVE-2026-1459 HIGH This Week

Zyxel VMG3625-T50B, DX5401 B1, and EMG5523 T50B devices with firmware through version 5.50(ABPM.9.7)C0 contain a post-authentication command injection vulnerability in the TR-369 certificate download function that allows authenticated administrators to execute arbitrary operating system commands. An attacker with admin credentials could leverage this to gain complete control over the affected device. No patch is currently available.

Zyxel Command Injection Dx5401 B1 Firmware Emg5523 T50b Firmware Vmg3625 T50b Firmware +3
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-13943 HIGH This Week

A post-authentication command injection vulnerability in the log file download function of the Zyxel EX3301-T0 firmware versions through 5.50(ABVY.7)C0 could allow an authenticated attacker to execute operating system (OS) commands on an affected device. [CVSS 8.8 HIGH]

Zyxel Command Injection Dx3300 T1 Firmware Px3321 T1 Firmware Wx5610 B0 Firmware +49
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-11848 MEDIUM This Month

A null pointer dereference vulnerability in the Wake-on-LAN CGI program of the Zyxel VMG3625-T50B firmware version through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request. [CVSS 4.9 MEDIUM]

Zyxel Null Pointer Dereference Ex3300 T1 Firmware Emg5523 T50b Firmware Ex3600 T0 Firmware +45
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-11847 MEDIUM This Month

A null pointer dereference vulnerability in the IP settings CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request. [CVSS 4.9 MEDIUM]

Zyxel Null Pointer Dereference Ex3300 T1 Firmware Ex3300 T0 Firmware Ex5601 T0 Firmware +51
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-11846 MEDIUM This Month

A null pointer dereference vulnerability in the account settings CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request. [CVSS 4.9 MEDIUM]

Zyxel Null Pointer Dereference Ex5512 T0 Firmware Emg5523 T50b Firmware Ex5601 T0 Firmware +51
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-11845 MEDIUM This Month

A null pointer dereference vulnerability in the certificate downloader CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request. [CVSS 4.9 MEDIUM]

Zyxel Null Pointer Dereference Gm4100 B0 Firmware Emg3525 T50b Firmware Scr 50axe Firmware +51
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-8693 HIGH This Month

A post-authentication command injection vulnerability in the "priv" parameter of Zyxel DX3300-T0 firmware version 5.50(ABVY.6.3)C0 and earlier could allow an authenticated attacker to execute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Zyxel Dm4200 B0 Firmware Dx3300 T0 Firmware Dx3300 T1 Firmware +51
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-6599 MEDIUM This Month

An uncontrolled resource consumption vulnerability in the web server of Zyxel DX3301-T0 firmware version 5.50(ABVY.6.3)C0 and earlier could allow an attacker to perform Slowloris‑style. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Zyxel Lte3301 Plus Firmware Nr5103 Firmware Nr5103E Firmware +63
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-9197 MEDIUM This Month

A post-authentication buffer overflow vulnerability in the parameter "action" of the CGI program in Zyxel VMG3625-T50B firmware versions through V5.50(ABPM.9.2)C0 could allow an authenticated. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zyxel Buffer Overflow Denial Of Service Dx3300 T0 Firmware Dx3300 T1 Firmware +34
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2024-8748 HIGH This Week

A buffer overflow vulnerability in the packet parser of the third-party library "libclinkc" in Zyxel VMG8825-T50K firmware versions through V5.50(ABOM.8.4)C0 could allow an attacker to cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zyxel Buffer Overflow Denial Of Service Lte3301 Plus Firmware Lte5388 M804 Firmware +61
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-38269 MEDIUM This Month

An improper restriction of operations within the bounds of a memory buffer in the USB file-sharing handler of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zyxel Buffer Overflow Wx5600 T0 Firmware Wx3401 B0 Firmware Wx3100 T0 Firmware +38
NVD
CVSS 3.1
4.9
EPSS
0.4%
CVE-2024-38268 MEDIUM This Month

An improper restriction of operations within the bounds of a memory buffer in the MAC address parser of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authenticated. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zyxel Buffer Overflow Wx5600 T0 Firmware Wx3401 B0 Firmware Wx3100 T0 Firmware +38
NVD
CVSS 3.1
4.9
EPSS
0.4%
CVE-2024-38267 MEDIUM This Month

An improper restriction of operations within the bounds of a memory buffer in the IPv6 address parser of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authenticated. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zyxel Buffer Overflow Wx5600 T0 Firmware Wx3401 B0 Firmware Wx3100 T0 Firmware +38
NVD
CVSS 3.1
4.9
EPSS
0.4%
CVE-2024-38266 MEDIUM This Month

An improper restriction of operations within the bounds of a memory buffer in the parameter type parser of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authenticated. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zyxel Buffer Overflow Dx3300 T0 Firmware Dx3300 T1 Firmware Dx3301 T0 Firmware +39
NVD
CVSS 3.1
4.9
EPSS
0.4%
CVE-2024-5412 HIGH This Week

A buffer overflow vulnerability in the library "libclinkc" of the Zyxel VMG8825-T50K firmware version 5.50(ABOM.8)C0 could allow an unauthenticated attacker to cause denial of service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zyxel Buffer Overflow Denial Of Service Nebula Lte3301 Plus Firmware Nebula Fwa505 Firmware +48
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-0816 MEDIUM This Month

The buffer overflow vulnerability in the DX3300-T1 firmware version V5.50(ABVY.4)C0 could allow an authenticated local attacker to cause denial of service (DoS) conditions by executing the CLI. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Lte3202 M437 Firmware Lte3301 Plus Firmware Lte5388 M804 Firmware +62
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-26414 MEDIUM This Month

A potential buffer overflow vulnerability was identified in some internal functions of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0, which could be exploited by a local authenticated attacker. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Zyxel Vmg3312 T20A Firmware Emg3525 T50b Firmware +30
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-26413 HIGH This Week

A command injection vulnerability in the CGI program of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0 could allow a local authenticated attacker to execute arbitrary OS commands on a vulnerable. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Zyxel Vmg3312 T20A Firmware Emg3525 T50b Firmware Emg5523 T50b Firmware +29
NVD
CVSS 3.1
8.0
EPSS
0.7%
EPSS 0% CVSS 7.2
HIGH This Week

Zyxel VMG3625-T50B, DX5401 B1, and EMG5523 T50B devices with firmware through version 5.50(ABPM.9.7)C0 contain a post-authentication command injection vulnerability in the TR-369 certificate download function that allows authenticated administrators to execute arbitrary operating system commands. An attacker with admin credentials could leverage this to gain complete control over the affected device. No patch is currently available.

Zyxel Command Injection Dx5401 B1 Firmware +5
NVD
EPSS 0% CVSS 8.8
HIGH This Week

A post-authentication command injection vulnerability in the log file download function of the Zyxel EX3301-T0 firmware versions through 5.50(ABVY.7)C0 could allow an authenticated attacker to execute operating system (OS) commands on an affected device. [CVSS 8.8 HIGH]

Zyxel Command Injection Dx3300 T1 Firmware +51
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

A null pointer dereference vulnerability in the Wake-on-LAN CGI program of the Zyxel VMG3625-T50B firmware version through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request. [CVSS 4.9 MEDIUM]

Zyxel Null Pointer Dereference Ex3300 T1 Firmware +47
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

A null pointer dereference vulnerability in the IP settings CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request. [CVSS 4.9 MEDIUM]

Zyxel Null Pointer Dereference Ex3300 T1 Firmware +53
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

A null pointer dereference vulnerability in the account settings CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request. [CVSS 4.9 MEDIUM]

Zyxel Null Pointer Dereference Ex5512 T0 Firmware +53
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

A null pointer dereference vulnerability in the certificate downloader CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request. [CVSS 4.9 MEDIUM]

Zyxel Null Pointer Dereference Gm4100 B0 Firmware +53
NVD
EPSS 0% CVSS 8.8
HIGH This Month

A post-authentication command injection vulnerability in the "priv" parameter of Zyxel DX3300-T0 firmware version 5.50(ABVY.6.3)C0 and earlier could allow an authenticated attacker to execute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Zyxel Dm4200 B0 Firmware +53
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

An uncontrolled resource consumption vulnerability in the web server of Zyxel DX3301-T0 firmware version 5.50(ABVY.6.3)C0 and earlier could allow an attacker to perform Slowloris‑style. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Zyxel Lte3301 Plus Firmware +65
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

A post-authentication buffer overflow vulnerability in the parameter "action" of the CGI program in Zyxel VMG3625-T50B firmware versions through V5.50(ABPM.9.2)C0 could allow an authenticated. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zyxel Buffer Overflow Denial Of Service +36
NVD
EPSS 0% CVSS 7.5
HIGH This Week

A buffer overflow vulnerability in the packet parser of the third-party library "libclinkc" in Zyxel VMG8825-T50K firmware versions through V5.50(ABOM.8.4)C0 could allow an attacker to cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zyxel Buffer Overflow Denial Of Service +63
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

An improper restriction of operations within the bounds of a memory buffer in the USB file-sharing handler of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zyxel Buffer Overflow Wx5600 T0 Firmware +40
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

An improper restriction of operations within the bounds of a memory buffer in the MAC address parser of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authenticated. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zyxel Buffer Overflow Wx5600 T0 Firmware +40
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

An improper restriction of operations within the bounds of a memory buffer in the IPv6 address parser of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authenticated. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zyxel Buffer Overflow Wx5600 T0 Firmware +40
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

An improper restriction of operations within the bounds of a memory buffer in the parameter type parser of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authenticated. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zyxel Buffer Overflow Dx3300 T0 Firmware +41
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A buffer overflow vulnerability in the library "libclinkc" of the Zyxel VMG8825-T50K firmware version 5.50(ABOM.8)C0 could allow an unauthenticated attacker to cause denial of service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zyxel Buffer Overflow Denial Of Service +50
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The buffer overflow vulnerability in the DX3300-T1 firmware version V5.50(ABVY.4)C0 could allow an authenticated local attacker to cause denial of service (DoS) conditions by executing the CLI. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Lte3202 M437 Firmware +64
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A potential buffer overflow vulnerability was identified in some internal functions of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0, which could be exploited by a local authenticated attacker. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Zyxel +32
NVD
EPSS 1% CVSS 8.0
HIGH This Week

A command injection vulnerability in the CGI program of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0 could allow a local authenticated attacker to execute arbitrary OS commands on a vulnerable. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Zyxel Vmg3312 T20A Firmware +31
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy