Skip to main content

Zyxel

Vendor security scorecard – 11 CVEs in the selected period

Period: 30d 90d 6m 1y All
Risk 41
11
CVEs
0
Critical
4
High
0
KEV
0
PoC
4
Unpatched C/H
0.0%
Patch Rate
0.2%
Avg EPSS

Severity Breakdown

CRITICAL
0
HIGH
4
MEDIUM
7
LOW
0

Monthly CVE Trend

Top Risky CVEs

CVE Summary Severity CVSS EPSS Priority Signals
CVE-2026-7256 Command injection in Zyxel WRE6505 v2 firmware V1.00(ABDV.3)C0 allows unauthenticated adjacent network attackers to execute arbitrary operating system commands via crafted HTTP requests to the CGI interface. This vulnerability affects an end-of-life product with no vendor support, meaning no security patches will be released. Exploitation requires adjacent network access (same LAN segment) but no authentication, making it exploitable by any device on the local network including compromised IoT devices or malicious insiders. HIGH 8.8 0.8% 45
No patch
CVE-2026-7273 Remote code execution in Zyxel GS1900 series managed switches (including GS1900-48HPv2, GS1900-8, GS1900-8HP, GS1900-10HP, GS1900-16, GS1900-24/24E/24EP/24HPv2, and GS1900-48) up to firmware 2.90(ABTQ.1)C0 allows a LAN-adjacent unauthenticated attacker to execute OS commands via a crafted HTTP request to the CGI handler. The flaw is a stack-based buffer overflow (CWE-121) carrying CVSS 8.8 and exposes the switch management plane to anyone on the same Layer-2 segment. No public exploit identified at time of analysis, but the vendor disclosed the issue concurrently with the advisory dated 2026-06-16. HIGH 8.8 0.3% 44
No patch
CVE-2026-7287 Remote unauthenticated attackers can crash Zyxel NWA1100-N access points running customized firmware version 1.00(AACE.1)C0 by sending malformed HTTP requests that trigger buffer overflows in five distinct web server functions (formWep, formWlAc, formPasswordSetup, formUpgradeCert, formDelcert). The vulnerability enables denial-of-service attacks with high CVSS 7.5 severity but is limited to an end-of-life product according to Zyxel's reference documentation. No public exploit code identified at time of analysis, and EPSS data is unavailable for this recent CVE. HIGH 7.5 0.3% 38
No patch
CVE-2026-1460 Command injection in Zyxel DX3301-T0 and EX3301-T0 routers allows authenticated administrators to execute arbitrary OS commands by injecting malicious input into the DomainName parameter of DHCP configuration. Affects firmware versions through 5.50(ABVY.7.1)C0. Vendor Zyxel has published a security advisory with remediation guidance. EPSS data not available; no public exploit identified at time of analysis. While CVSS score is 7.2 (High), practical risk is constrained by requirement for admin-level authentication, limiting exposure to credential compromise or malicious insider scenarios. HIGH 7.2 0.2% 36
No patch
CVE-2026-0711 Command injection in EasyMesh APIs of Zyxel DX3300-T0 firmware through version 5.50(ABVY.7.1)C0 allows authenticated administrators with adjacent network access to execute arbitrary OS commands on the device. The vulnerability requires both administrator privileges and adjacent network positioning (AV:A), significantly limiting exposure to local network attackers rather than remote threat actors. CVSS 6.8 reflects high confidentiality, integrity, and availability impact but is constrained by elevated privilege and adjacency requirements. MEDIUM 6.8 0.2% 34
No patch
CVE-2026-4795 Missing authorization in Zyxel GS1200v3-series managed switches allows a LAN-based, unauthenticated attacker to read system configuration data from a log file by sending a crafted HTTP request to the device's web interface. All five GS1200v3 models are affected across their current firmware versions. No public exploit has been identified at time of analysis, and both EPSS (0.03%, 11th percentile) and SSVC exploitation status ('none') confirm no observed in-the-wild exploitation, placing this in the category of a real but low-urgency information disclosure risk confined to the local network segment. MEDIUM 6.5 0.0% 33
No patch
CVE-2026-7255 Brute-force password attacks against the web management interface of Zyxel WRE6505 v2 firmware V1.00(ABDV.3)C0 succeed due to improper rate-limiting on authentication attempts, allowing adjacent LAN attackers to bypass authentication and gain administrative access without requiring valid credentials. The vulnerability affects a legacy wireless range extender model marked as end-of-life by Zyxel, with CVSS 6.5 reflecting high confidentiality impact but local network scope. MEDIUM 6.5 0.0% 33
No patch
CVE-2026-3870 Buffer overflow in the UPnP AddPortMapping() command handler on Zyxel VMG4005-B50B DSL/Ethernet CPE devices allows adjacent unauthenticated attackers to crash the UPnP service, causing a temporary denial-of-service condition. Affected firmware versions run through 5.13(ABRL.5.4)C0, and the vulnerability was self-disclosed by Zyxel in a June 2026 advisory covering multiple CPE product lines. No public exploit code exists and this vulnerability has not been confirmed as actively exploited (not in CISA KEV). MEDIUM 6.5 0.0% 33
No patch
CVE-2026-3871 Buffer overflow in the UPnP DeletePortMapping() command of Zyxel VMG4005-B50B DSL/Ethernet CPE firmware (through 5.13(ABRL.5.4)C0) enables an unauthenticated adjacent-network attacker to crash the device's UPnP service. The impact is a temporary, recoverable denial-of-service confined to the UPnP function - availability is fully affected (A:H) while confidentiality and integrity remain unimpacted (C:N/I:N). No public exploit code or CISA KEV listing exists at time of analysis; the vulnerability was disclosed by Zyxel itself on 2026-06-02. MEDIUM 6.5 0.0% 33
No patch
CVE-2026-6058 Denial-of-service in Zyxel WRE6505 v2 firmware via improper encoding in the CGI program allows an adjacent WLAN attacker to crash the web management interface by crafting a malformed SSID and convincing an authenticated administrator to visit the 'AP Select' page. CVSS 4.5 (moderate) with attack vector limited to adjacent networks (Wi-Fi range). No public exploit code identified; Zyxel has marked this as unsupported (end-of-life product). MEDIUM 5.7 0.0% 29
No patch
CVE-2026-7257 Zyxel WRE6505 v2 firmware stores sensitive configuration data in an insecure manner, allowing local administrators to download and decrypt backup configuration files, leading to disclosure of confidential credentials and network settings. The vulnerability affects firmware version V1.00(ABDV.3)C0 and requires local access with administrative privileges. No public exploit code or active exploitation has been identified; however, the product is no longer supported by Zyxel, limiting patch availability. MEDIUM 4.4 0.0% 22
No patch

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy