CVE-2025-6599
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-11-18
Last updated on: 2025-12-16
Assigner: Zyxel Corporation
Description
Description
An uncontrolled resource consumption vulnerability in the web server of Zyxel DX3301-T0 firmware version 5.50(ABVY.6.3)C0 and earlier could allow an attacker to perform Slowloris‑style denial‑of‑service (DoS) attacks. Such attacks may temporarily block legitimate HTTP requests and partially disrupt access to the web management interface, while other networking services remain unaffected.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| zyxel | lte3301-plus_firmware | to 1.00\(abqu.7\)c0 (inc) |
| zyxel | lte3301-plus | * |
| zyxel | nr5103_firmware | to 4.19\(abyc.8\)c0 (inc) |
| zyxel | nr5103 | * |
| zyxel | nr5103e_firmware | to 1.00\(acdj.1\)c0 (inc) |
| zyxel | nr5103e | * |
| zyxel | nr5309_firmware | to 1.00\(ackp.1\)b3 (inc) |
| zyxel | nr5309 | * |
| zyxel | nr7302_firmware | to 5.00\(acha.5\)c0 (inc) |
| zyxel | nr7302 | * |
| zyxel | nr7303_firmware | to 1.00\(acei.1\)c0 (inc) |
| zyxel | nr7303 | * |
| zyxel | nebula_fwa505_firmware | to 1.19\(acko.0\)c0 (inc) |
| zyxel | nebula_fwa505 | * |
| zyxel | nebula_fwa510_firmware | to 1.20\(acgd.1\)c0 (inc) |
| zyxel | nebula_fwa510 | * |
| zyxel | nebula_fwa515_firmware | to 1.50\(acpz.0\)c0 (inc) |
| zyxel | nebula_fwa515 | * |
| zyxel | nebula_fwa710_firmware | to 1.20\(acgc.0\)c0 (inc) |
| zyxel | nebula_fwa710 | * |
| zyxel | dm4200-b0_firmware | to 5.17\(acbs.1.3\)c0 (inc) |
| zyxel | dm4200-b0 | * |
| zyxel | dx3300-t0_firmware | to 5.50\(abvy.6.3\)c0 (inc) |
| zyxel | dx3300-t0 | * |
| zyxel | dx3300-t1_firmware | to 5.50\(abvy.6.3\)c0 (inc) |
| zyxel | dx3300-t1 | * |
| zyxel | dx3301-t0_firmware | to 5.50\(abvy.6.3\)c0 (inc) |
| zyxel | dx3301-t0 | * |
| zyxel | dx4510-b1_firmware | to 5.17\(abyl.9\)c0 (inc) |
| zyxel | dx4510-b1 | * |
| zyxel | dx5401-b0_firmware | to 5.17\(abyo.7\)b2 (inc) |
| zyxel | dx5401-b0 | * |
| zyxel | dx5401-b1_firmware | to 5.17\(abyo.7\)b2 (inc) |
| zyxel | dx5401-b1 | * |
| zyxel | ee3301-00_firmware | to 5.63\(acmu.1.1\)c0 (inc) |
| zyxel | ee3301-00 | * |
| zyxel | ee5301-00_firmware | to 5.63\(acld.1.1\)c0 (inc) |
| zyxel | ee5301-00 | * |
| zyxel | ee6510-10_firmware | to 5.19\(acjq.3\)c0 (inc) |
| zyxel | ee6510-10 | * |
| zyxel | ex3300-t0_firmware | to 5.50\(abvy.6.3\)c0 (inc) |
| zyxel | ex3300-t0 | * |
| zyxel | ex3300-t0_firmware | to 5.50\(acdi.2.1\)c0 (inc) |
| zyxel | ex3300-t0 | * |
| zyxel | ex3300-t1_firmware | to 5.50\(abvy.6.3\)c0 (inc) |
| zyxel | ex3300-t1 | * |
| zyxel | ex3301-t0_firmware | to 5.50\(abvy.6.3\)c0 (inc) |
| zyxel | ex3301-t0 | * |
| zyxel | ex3500-t0_firmware | to 5.44\(achr.4\)c0 (inc) |
| zyxel | ex3500-t0 | * |
| zyxel | ex3501-t0_firmware | to 5.44\(achr.4\)c0 (inc) |
| zyxel | ex3501-t0 | * |
| zyxel | ex3600-t0_firmware | to 5.70\(acif.1.2\)c0 (inc) |
| zyxel | ex3600-t0 | * |
| zyxel | ex5401-b0_firmware | to 5.17\(abyo.7\)b2 (inc) |
| zyxel | ex5401-b0 | * |
| zyxel | ex5401-b1_firmware | to 5.17\(abyo.7\)b2 (inc) |
| zyxel | ex5401-b1 | * |
| zyxel | ex5501-b0_firmware | to 5.17\(abry.5.5\)c0 (inc) |
| zyxel | ex5501-b0 | * |
| zyxel | ex5510-b0_firmware | to 5.17\(abqx.10\)c0 (inc) |
| zyxel | ex5510-b0 | * |
| zyxel | ex5512-t0_firmware | to 5.70\(aceg.5\)c0 (inc) |
| zyxel | ex5512-t0 | * |
| zyxel | ex5601-t0_firmware | to 5.70\(acdz.4.1\)c0 (inc) |
| zyxel | ex5601-t0 | * |
| zyxel | ex5601-t1_firmware | to 5.70\(acdz.4.1\)c0 (inc) |
| zyxel | ex5601-t1 | * |
| zyxel | ex7501-b0_firmware | to 5.18\(achn.2.1\)c0 (inc) |
| zyxel | ex7501-b0 | * |
| zyxel | ex7710-b0_firmware | to 5.18\(acak.1.4\)c0 (inc) |
| zyxel | ex7710-b0 | * |
| zyxel | emg3525-t50b_firmware | to 5.50\(abpm.9.5\)c0 (inc) |
| zyxel | emg3525-t50b | * |
| zyxel | emg5523-t50b_firmware | to 5.50\(abpm.9.5\)c0 (inc) |
| zyxel | emg5523-t50b | * |
| zyxel | emg5723-t50k_firmware | to 5.50\(abom.8.6\)c0 (inc) |
| zyxel | emg5723-t50k | * |
| zyxel | emg6726-b10a_firmware | to 5.13\(abnp.8\)c0 (inc) |
| zyxel | emg6726-b10a | * |
| zyxel | gm4100-b0_firmware | to 5.18\(accl.1\)c0 (inc) |
| zyxel | gm4100-b0 | * |
| zyxel | vmg3625-t50b_firmware | to 5.50\(abpm.9.5\)c0 (inc) |
| zyxel | vmg3625-t50b | * |
| zyxel | vmg3927-b50b_firmware | to 5.13\(ably.10\)c0 (inc) |
| zyxel | vmg3927-b50b | * |
| zyxel | vmg3927-t50k_firmware | to 5.50\(abom.8.6\)c0 (inc) |
| zyxel | vmg3927-t50k | * |
| zyxel | vmg4005-b50a_firmware | to 5.17\(abqa.3\)c0 (inc) |
| zyxel | vmg4005-b50a | * |
| zyxel | vmg4005-b60a_firmware | to 5.17\(abqa.3\)c0 (inc) |
| zyxel | vmg4005-b60a | * |
| zyxel | vmg4005-b50b_firmware | to 5.13\(abrl.5.3\)c0 (inc) |
| zyxel | vmg4005-b50b | * |
| zyxel | vmg4927-b50a_firmware | to 5.13\(ably.10\)c0 (inc) |
| zyxel | vmg4927-b50a | * |
| zyxel | vmg8623-t50b_firmware | to 5.50\(abpm.9.5\)c0 (inc) |
| zyxel | vmg8623-t50b | * |
| zyxel | vmg8825-t50k_firmware | to 5.50\(abom.8.6\)c0 (inc) |
| zyxel | vmg8825-t50k | * |
| zyxel | ax7501-b0_firmware | to 5.17\(abpc.6.1\)c0 (inc) |
| zyxel | ax7501-b0 | * |
| zyxel | ax7501-b1_firmware | to 5.17\(abpc.6.1\)c0 (inc) |
| zyxel | ax7501-b1 | * |
| zyxel | pe3301-00_firmware | to 5.63\(acmt.1.1\)c0 (inc) |
| zyxel | pe3301-00 | * |
| zyxel | pe5301-01_firmware | to 5.63\(acoj.1.1\)c0 (inc) |
| zyxel | pe5301-01 | * |
| zyxel | pm3100-t0_firmware | to 5.42\(acbf.3\)c0 (inc) |
| zyxel | pm3100-t0 | * |
| zyxel | pm5100-t0_firmware | to 5.42\(acbf.3\)c0 (inc) |
| zyxel | pm5100-t0 | * |
| zyxel | pm7500-00_firmware | to 5.61\(ackk.1\)c0 (inc) |
| zyxel | pm7500-00 | * |
| zyxel | pm7300-t0_firmware | to 5.42\(abyy.3\)c0 (inc) |
| zyxel | pm7300-t0 | * |
| zyxel | px3321-t1_firmware | to 5.44\(acjb.1.3\)c0 (inc) |
| zyxel | px3321-t1 | * |
| zyxel | px3321-t1_firmware | to 5.44\(achk.1\)c0 (inc) |
| zyxel | px3321-t1 | * |
| zyxel | px5301-t0_firmware | to 5.44\(ackb.0.4\)c0 (inc) |
| zyxel | px5301-t0 | * |
| zyxel | scr_50axe_firmware | to 1.10\(acgn.3\)c0 (inc) |
| zyxel | scr_50axe | * |
| zyxel | we3300-00_firmware | to 5.70\(acka.0\)c0 (inc) |
| zyxel | we3300-00 | * |
| zyxel | wx3100-t0_firmware | to 5.50\(abvl.4.7\)c0 (inc) |
| zyxel | wx3100-t0 | * |
| zyxel | wx3401-b0_firmware | to 5.17\(abve.2.8\)c0 (inc) |
| zyxel | wx3401-b0 | * |
| zyxel | wx3401-b1_firmware | to 5.17\(abve.2.8\)c0 (inc) |
| zyxel | wx3401-b1 | * |
| zyxel | wx5600-t0_firmware | to 5.70\(aceb.4.1\)c0 (inc) |
| zyxel | wx5600-t0 | * |
| zyxel | wx5610-b0_firmware | to 5.18\(acgj.0.3\)c0 (inc) |
| zyxel | wx5610-b0 | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an uncontrolled resource consumption issue in the web server of Zyxel DX3301-T0 firmware version 5.50(ABVY.6.3)C0 and earlier. It allows an attacker to perform Slowloris-style denial-of-service (DoS) attacks, which can temporarily block legitimate HTTP requests and partially disrupt access to the web management interface, while other networking services remain unaffected.
How can this vulnerability impact me? :
The vulnerability can impact you by allowing an attacker to perform Slowloris-style DoS attacks that temporarily block legitimate HTTP requests and partially disrupt access to the web management interface of the affected device. However, other networking services on the device remain unaffected.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70