ByteOS Network

CVE-2025-13943

Assigner-Zyxel Corporation

View Details

Assigner-Zyxel Corporation

CVSS Score-8.8||HIGH

EPSS-0.18% / 39.37%

||

7 Day CHG~0.00%

Published-24 Feb, 2026 | 02:38

Updated-26 Feb, 2026 | 14:44

A post-authentication command injection vulnerability in the log file download function of the Zyxel EX3301-T0 firmware versions through 5.50(ABVY.7)C0 could allow an authenticated attacker to execute operating system (OS) commands on an affected device.

Vendor-Zyxel Networks Corporation

Product-dx4510-b0_firmware ex5601-t1_firmware ex5510-b0 ex5512-t0 vmg4005-b50a ax7501-b1_firmware gm4100-b0_firmware ex7501-b0_firmware pm5100-t1 dx3300-t1_firmware ex3510-b1 pm5100-t0_firmware wx3401-b1_firmware emg6726-b10a_firmware vmg3625-t50b px3321-t1 ex3501-t0_firmware ex7710-b0_firmware dx4510-b0 dm4200-b0 ee5301-00 vmg4005-b60a_firmware emg3525-t50b_firmware pm3100-t0 pm7300-t0_firmware ee3301-00 pe3301-00 dx5401-b1 ex2210-t0_firmware gm4100-b0 px5301-t0 vmg4927-b50a_firmware ex5401-b1_firmware emg3525-t50b am7510-00_firmware ex5510-b0_firmware wx3100-t0 dx5401-b1_firmware ex5601-t1 ee3301-00_firmware vmg4927-b50a pm7300-t0 pe5301-01 ex2210-t0 wx5610-b0_firmware vmg8623-t50b_firmware wx3401-b1 wx5610-b0 dx3301-t0 ex3301-t0 ex3510-b0 we4600-00_firmware pm7500-00_firmware ee5301-00_firmware ex7501-b0 ex5401-b1 wx5600-t0_firmware pm5100-t1_firmware ee6510-10 ex3510-b1_firmware ex3500-t0 ex3600-t0 px5301-t0_firmware ex3300-t1_firmware dx4510-b1 emg6726-b10a we4600-00 dx3301-t0_firmware ex3500-t0_firmware vmg3625-t50b_firmware pm7500-00 vmg4005-b50a_firmware vmg8623-t50b ex5601-t0_firmware we3300-00_firmware ex3301-t0_firmware vmg4005-b60a dx3300-t0 ee6510-10_firmware dm4200-b0_firmware ex5601-t0 dx3300-t1 ex3510-b0_firmware ex7710-b0 wx3100-t0_firmware ex3300-t0 ex3300-t1 we3300-00 ex5512-t0_firmware pm5100-t0 wx5600-t0 ex3300-t0_firmware emg5523-t50b_firmware px3321-t1_firmware dx4510-b1_firmware ex3501-t0 pe5301-01_firmware ex3600-t0_firmware ax7501-b1 dx3300-t0_firmware pe3301-00_firmware emg5523-t50b pm3100-t0_firmware am7510-00 EX3301-T0 firmware

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2025-11848

Assigner-Zyxel Corporation

View Details

Assigner-Zyxel Corporation

CVSS Score-4.9||MEDIUM

EPSS-0.06% / 19.40%

||

7 Day CHG~0.00%

Published-24 Feb, 2026 | 02:14

Updated-25 Feb, 2026 | 17:57

A null pointer dereference vulnerability in the Wake-on-LAN CGI program of the Zyxel VMG3625-T50B firmware version through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request.

Vendor-Zyxel Networks Corporation

Product-dx4510-b0_firmware ex5601-t1_firmware ex5510-b0 ex5512-t0 vmg4005-b50a ax7501-b1_firmware gm4100-b0_firmware ex7501-b0_firmware pm5100-t1 dx3300-t1_firmware ex3510-b1 pm5100-t0_firmware wx3401-b1_firmware vmg3625-t50b px3321-t1 ex3501-t0_firmware ex7710-b0_firmware dx4510-b0 ee5301-00 vmg4005-b60a_firmware emg3525-t50b_firmware pm3100-t0 pm7300-t0_firmware ee3301-00 pe3301-00 dx5401-b1 ex2210-t0_firmware gm4100-b0 px5301-t0 ex5401-b1_firmware emg3525-t50b ex5510-b0_firmware wx3100-t0 dx5401-b1_firmware ex5601-t1 ee3301-00_firmware pm7300-t0 pe5301-01 ex2210-t0 wx5610-b0_firmware vmg8623-t50b_firmware wx3401-b1 wx5610-b0 dx3301-t0 ex3301-t0 ex3510-b0 pm7500-00_firmware ee5301-00_firmware ex7501-b0 ex5401-b1 wx5600-t0_firmware pm5100-t1_firmware ee6510-10 ex3510-b1_firmware ex3500-t0 ex3600-t0 px5301-t0_firmware ex3300-t1_firmware dx4510-b1 scr_50axe dx3301-t0_firmware ex3500-t0_firmware vmg3625-t50b_firmware pm7500-00 vmg4005-b50a_firmware vmg8623-t50b ex5601-t0_firmware we3300-00_firmware scr_50axe_firmware ex3301-t0_firmware vmg4005-b60a dx3300-t0 ee6510-10_firmware ex5601-t0 dx3300-t1 ex3510-b0_firmware ex7710-b0 wx3100-t0_firmware ex3300-t0 ex3300-t1 we3300-00 ex5512-t0_firmware pm5100-t0 wx5600-t0 ex3300-t0_firmware emg5523-t50b_firmware px3321-t1_firmware dx4510-b1_firmware ex3501-t0 pe5301-01_firmware ex3600-t0_firmware ax7501-b1 dx3300-t0_firmware pe3301-00_firmware emg5523-t50b pm3100-t0_firmware VMG3625-T50B firmware WX3100-T0 firmware

CWE ID-CWE-476

NULL Pointer Dereference

CVE-2025-11847

Assigner-Zyxel Corporation

View Details

Assigner-Zyxel Corporation

CVSS Score-4.9||MEDIUM

EPSS-0.06% / 19.40%

||

7 Day CHG~0.00%

Published-24 Feb, 2026 | 02:09

Updated-25 Feb, 2026 | 18:14

A null pointer dereference vulnerability in the IP settings CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request.

Vendor-Zyxel Networks Corporation

Product-dx4510-b0_firmware ex5601-t1_firmware ex5510-b0 ex5512-t0 vmg4005-b50a ax7501-b1_firmware nebula_fwa510_firmware gm4100-b0_firmware ex7501-b0_firmware pm5100-t1 dx3300-t1_firmware ex3510-b1 nebula_lte3301-plus pm5100-t0_firmware wx3401-b1_firmware vmg3625-t50b px3321-t1 ex3501-t0_firmware nebula_fwa505_firmware ex7710-b0_firmware dx4510-b0 nebula_fwa505 nebula_lte3301-plus_firmware ee5301-00 vmg4005-b60a_firmware emg3525-t50b_firmware pm3100-t0 pm7300-t0_firmware ee3301-00 pe3301-00 dx5401-b1 ex2210-t0_firmware gm4100-b0 px5301-t0 ex5401-b1_firmware emg3525-t50b ex5510-b0_firmware wx3100-t0 dx5401-b1_firmware ex5601-t1 ee3301-00_firmware pm7300-t0 pe5301-01 lte3301-plus_firmware ex2210-t0 wx5610-b0_firmware vmg8623-t50b_firmware nebula_fwa710_firmware wx3401-b1 wx5610-b0 dx3301-t0 ex3301-t0 ex3510-b0 pm7500-00_firmware nebula_fwa515_firmware ee5301-00_firmware ex7501-b0 ex5401-b1 wx5600-t0_firmware pm5100-t1_firmware ee6510-10 ex3510-b1_firmware ex3500-t0 ex3600-t0 px5301-t0_firmware ex3300-t1_firmware dx4510-b1 scr_50axe dx3301-t0_firmware ex3500-t0_firmware vmg3625-t50b_firmware pm7500-00 vmg4005-b50a_firmware vmg8623-t50b ex5601-t0_firmware we3300-00_firmware nebula_fwa515 scr_50axe_firmware ex3301-t0_firmware nebula_fwa710 dx3300-t0 ee6510-10_firmware vmg4005-b60a ex5601-t0 dx3300-t1 ex3510-b0_firmware ex7710-b0 wx3100-t0_firmware ex3300-t0 ex3300-t1 nebula_fwa510 we3300-00 ex5512-t0_firmware pm5100-t0 wx5600-t0 ex3300-t0_firmware emg5523-t50b_firmware px3321-t1_firmware dx4510-b1_firmware ex3501-t0 pe5301-01_firmware ex3600-t0_firmware ax7501-b1 lte3301-plus dx3300-t0_firmware pe3301-00_firmware emg5523-t50b pm3100-t0_firmware VMG3625-T50B firmware WX3100-T0 firmware

CWE ID-CWE-476

NULL Pointer Dereference

CVE-2025-11846

Assigner-Zyxel Corporation

View Details

Assigner-Zyxel Corporation

CVSS Score-4.9||MEDIUM

EPSS-0.06% / 19.40%

||

7 Day CHG~0.00%

Published-24 Feb, 2026 | 01:37

Updated-25 Feb, 2026 | 18:14

A null pointer dereference vulnerability in the account settings CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request.

Vendor-Zyxel Networks Corporation

Product-dx4510-b0_firmware ex5601-t1_firmware ex5510-b0 ex5512-t0 vmg4005-b50a ax7501-b1_firmware nebula_fwa510_firmware gm4100-b0_firmware ex7501-b0_firmware pm5100-t1 dx3300-t1_firmware ex3510-b1 nebula_lte3301-plus pm5100-t0_firmware wx3401-b1_firmware vmg3625-t50b px3321-t1 ex3501-t0_firmware nebula_fwa505_firmware ex7710-b0_firmware dx4510-b0 nebula_fwa505 nebula_lte3301-plus_firmware ee5301-00 vmg4005-b60a_firmware emg3525-t50b_firmware pm3100-t0 pm7300-t0_firmware ee3301-00 pe3301-00 dx5401-b1 ex2210-t0_firmware gm4100-b0 px5301-t0 ex5401-b1_firmware emg3525-t50b ex5510-b0_firmware wx3100-t0 dx5401-b1_firmware ex5601-t1 ee3301-00_firmware pm7300-t0 pe5301-01 lte3301-plus_firmware ex2210-t0 wx5610-b0_firmware vmg8623-t50b_firmware nebula_fwa710_firmware wx3401-b1 wx5610-b0 dx3301-t0 ex3301-t0 ex3510-b0 pm7500-00_firmware nebula_fwa515_firmware ee5301-00_firmware ex7501-b0 ex5401-b1 wx5600-t0_firmware pm5100-t1_firmware ee6510-10 ex3510-b1_firmware ex3500-t0 ex3600-t0 px5301-t0_firmware ex3300-t1_firmware dx4510-b1 scr_50axe dx3301-t0_firmware ex3500-t0_firmware vmg3625-t50b_firmware pm7500-00 vmg4005-b50a_firmware vmg8623-t50b ex5601-t0_firmware we3300-00_firmware nebula_fwa515 scr_50axe_firmware ex3301-t0_firmware nebula_fwa710 dx3300-t0 ee6510-10_firmware vmg4005-b60a ex5601-t0 dx3300-t1 ex3510-b0_firmware ex7710-b0 wx3100-t0_firmware ex3300-t0 ex3300-t1 nebula_fwa510 we3300-00 ex5512-t0_firmware pm5100-t0 wx5600-t0 ex3300-t0_firmware emg5523-t50b_firmware px3321-t1_firmware dx4510-b1_firmware ex3501-t0 pe5301-01_firmware ex3600-t0_firmware ax7501-b1 lte3301-plus dx3300-t0_firmware pe3301-00_firmware emg5523-t50b pm3100-t0_firmware VMG3625-T50B firmware WX3100-T0 firmware

CWE ID-CWE-476

NULL Pointer Dereference

CVE-2025-11845

Assigner-Zyxel Corporation

View Details

Assigner-Zyxel Corporation

CVSS Score-4.9||MEDIUM

EPSS-0.07% / 20.75%

||

7 Day CHG~0.00%

Published-24 Feb, 2026 | 01:30

Updated-25 Feb, 2026 | 18:10

A null pointer dereference vulnerability in the certificate downloader CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request.

Vendor-Zyxel Networks Corporation

Product-dx4510-b0_firmware ex5601-t1_firmware ex5510-b0 ex5512-t0 vmg4005-b50a ax7501-b1_firmware nebula_fwa510_firmware gm4100-b0_firmware ex7501-b0_firmware pm5100-t1 dx3300-t1_firmware ex3510-b1 nebula_lte3301-plus pm5100-t0_firmware wx3401-b1_firmware vmg3625-t50b px3321-t1 ex3501-t0_firmware nebula_fwa505_firmware ex7710-b0_firmware dx4510-b0 nebula_fwa505 nebula_lte3301-plus_firmware ee5301-00 vmg4005-b60a_firmware emg3525-t50b_firmware pm3100-t0 pm7300-t0_firmware ee3301-00 pe3301-00 dx5401-b1 ex2210-t0_firmware gm4100-b0 px5301-t0 ex5401-b1_firmware emg3525-t50b ex5510-b0_firmware wx3100-t0 dx5401-b1_firmware ex5601-t1 ee3301-00_firmware pm7300-t0 pe5301-01 lte3301-plus_firmware ex2210-t0 wx5610-b0_firmware vmg8623-t50b_firmware nebula_fwa710_firmware wx3401-b1 wx5610-b0 dx3301-t0 ex3301-t0 ex3510-b0 pm7500-00_firmware nebula_fwa515_firmware ee5301-00_firmware ex7501-b0 ex5401-b1 wx5600-t0_firmware pm5100-t1_firmware ee6510-10 ex3510-b1_firmware ex3500-t0 ex3600-t0 px5301-t0_firmware ex3300-t1_firmware dx4510-b1 scr_50axe dx3301-t0_firmware ex3500-t0_firmware vmg3625-t50b_firmware pm7500-00 vmg4005-b50a_firmware vmg8623-t50b ex5601-t0_firmware we3300-00_firmware nebula_fwa515 scr_50axe_firmware ex3301-t0_firmware nebula_fwa710 dx3300-t0 ee6510-10_firmware vmg4005-b60a ex5601-t0 dx3300-t1 ex3510-b0_firmware ex7710-b0 wx3100-t0_firmware ex3300-t0 ex3300-t1 nebula_fwa510 we3300-00 ex5512-t0_firmware pm5100-t0 wx5600-t0 ex3300-t0_firmware emg5523-t50b_firmware px3321-t1_firmware dx4510-b1_firmware ex3501-t0 pe5301-01_firmware ex3600-t0_firmware ax7501-b1 lte3301-plus dx3300-t0_firmware pe3301-00_firmware emg5523-t50b pm3100-t0_firmware VMG3625-T50B firmware WX3100-T0 firmware

CWE ID-CWE-476

NULL Pointer Dereference

pm5100-t1_firmware

Source -

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -