CVE-2025-11846
Received Received - Intake
Null Pointer Dereference in Zyxel Firmware Causes DoS

Publication date: 2026-02-24

Last updated on: 2026-02-25

Assigner: Zyxel Corporation

Description
A null pointer dereference vulnerability in the account settings CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-24
Last Modified
2026-02-25
Generated
2026-06-16
AI Q&A
2026-02-24
EPSS Evaluated
2026-06-15
NVD
CVE-2025-11846
EUVD
EUVD-2025-207556
Affected Vendors & Products
Showing 55 associated CPEs
Vendor Product Version / Range
zyxel lte3301-plus_firmware to 1.00(abqu.9 (exc)
zyxel nebula_fwa505_firmware to 1.60(acko.2 (exc)
zyxel nebula_fwa510_firmware to 1.60(acgd.0 (exc)
zyxel nebula_fwa515_firmware to 1.60(acpz.0 (exc)
zyxel nebula_fwa710_firmware to 1.60(acgc.1 (exc)
zyxel ee5301-00_firmware to 5.63(acld.2.1 (exc)
zyxel ee3301-00_firmware to 5.63(acmu.2.1 (exc)
zyxel dx5401-b1_firmware to 5.17(abyo.7.1 (exc)
zyxel dx4510-b1_firmware to 5.17(abyl.10.1 (exc)
zyxel dx4510-b0_firmware to 5.17(abyl.10.1 (exc)
zyxel dx3301-t0_firmware to 5.50(abvy.7.1 (exc)
zyxel dx3300-t1_firmware to 5.50(abvy.7.1 (exc)
zyxel dx3300-t0_firmware to 5.50(abvy.7.1 (exc)
zyxel ee6510-10_firmware to 5.19(acjq.4.1 (exc)
zyxel emg3525-t50b_firmware to 5.50(abpm.9.7 (exc)
zyxel nebula_lte3301-plus_firmware to 1.18(acca.6 (exc)
zyxel emg5523-t50b_firmware to 5.50(abpm.9.7 (exc)
zyxel ex2210-t0_firmware to 5.50(acdi.2.3 (exc)
zyxel ex3300-t0_firmware to 5.50(abvy.7.1 (exc)
zyxel ex3300-t1_firmware to 5.50(abvy.7.1 (exc)
zyxel ex3301-t0_firmware to 5.50(abvy.7.1 (exc)
zyxel ex3500-t0_firmware to 5.44(achr.5.1 (exc)
zyxel ex3501-t0_firmware to 5.44(achr.5.1 (exc)
zyxel ex3510-b0_firmware to 5.17(abup.15.2 (exc)
zyxel ex3510-b1_firmware to 5.17(abup.15.2 (exc)
zyxel ex3600-t0_firmware to 5.70(acif.2.1 (exc)
zyxel ex5401-b1_firmware to 5.17(abyo.7.1 (exc)
zyxel ex5510-b0_firmware to 5.17(abqx.11.1 (exc)
zyxel ex5512-t0_firmware to 5.70(aceg.5.3 (exc)
zyxel ex5601-t0_firmware to 5.70(acdz.5.1 (exc)
zyxel ex5601-t1_firmware to 5.70(acdz.5.1 (exc)
zyxel ex7501-b0_firmware to 5.18(achn.3.1 (exc)
zyxel ex7710-b0_firmware to 5.18(acak.1.6 (exc)
zyxel gm4100-b0_firmware to 5.18(accl.2 (exc)
zyxel pm7500-00_firmware to 5.61(ackk.1.2 (exc)
zyxel vmg3625-t50b_firmware to 5.50(abpm.9.7 (exc)
zyxel vmg4005-b50a_firmware to 5.17(abqa.3.2 (exc)
zyxel vmg4005-b60a_firmware to 5.17(abqa.3.2 (exc)
zyxel ax7501-b1_firmware to 5.17(abpc.7.1 (exc)
zyxel pe3301-00_firmware to 5.63(acmt.2.1 (exc)
zyxel pe5301-01_firmware to 5.63(acoj.2.1 (exc)
zyxel pm3100-t0_firmware to 5.42(acbf.4.1 (exc)
zyxel pm5100-t0_firmware to 5.42(acbf.4.1 (exc)
zyxel pm5100-t1_firmware to 5.42(acbf.4.1 (exc)
zyxel pm7300-t0_firmware to 5.42(abyy.4.1 (exc)
zyxel px3321-t1_firmware to 5.44(achk.3 (exc)
zyxel px3321-t1_firmware to 5.44(acjb.1.5 (exc)
zyxel px5301-t0_firmware to 5.44(ackb.0.6 (exc)
zyxel scr_50axe_firmware to 1.30(acgn.0 (exc)
zyxel vmg8623-t50b_firmware to 5.50(abpm.9.7 (exc)
zyxel we3300-00_firmware to 5.70(acka.1.1 (exc)
zyxel wx3100-t0_firmware to 5.50(abvl.4.9 (exc)
zyxel wx3401-b1_firmware to 5.17(abve.2.10 (exc)
zyxel wx5600-t0_firmware to 5.70(aceb.5.1 (exc)
zyxel wx5610-b0_firmware to 5.18(acgj.0.5 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-11846 is a null pointer dereference vulnerability found in the account settings CGI program of certain Zyxel devices. This vulnerability allows an authenticated attacker with administrator privileges to cause a denial-of-service (DoS) condition by sending a specially crafted HTTP request to the affected device.

The attack requires administrator-level authentication and can only be exploited if the device’s WAN access is enabled and user-configured passwords have been compromised, as WAN access is disabled by default on these devices.

Impact Analysis

This vulnerability can impact you by allowing an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition on the affected Zyxel device. This means the device could become unresponsive or stop functioning properly, potentially disrupting network connectivity or services that rely on the device.

Exploitation requires that the attacker has administrator access and that WAN access is enabled with compromised passwords, which could lead to service interruptions and operational downtime.

Compliance Impact

I don't know

Detection Guidance

This vulnerability can be detected by monitoring for specially crafted HTTP requests sent to the account settings CGI program on affected Zyxel devices. Since exploitation requires administrator-level authentication and involves sending crafted HTTP requests, inspecting HTTP logs for unusual or malformed requests targeting the account settings CGI endpoint may help identify attempts.

Additionally, verifying the firmware version on your Zyxel devices can help detect if they are vulnerable. Devices running firmware versions through 5.50(ABPM.9.6)C0 for VMG3625-T50B and through 5.50(ABVL.4.8)C0 for WX3100-T0 are affected.

Suggested commands to check firmware version on Zyxel devices typically include accessing the device via SSH or web interface and running commands like:

  • ssh admin@<device_ip>
  • show version
  • cat /etc/version

For network detection, using tools like tcpdump or Wireshark to capture HTTP traffic and filter for requests to the account settings CGI endpoint may help identify suspicious activity.

Mitigation Strategies

Immediate mitigation steps include applying the latest firmware updates released by Zyxel for all affected devices and models. Zyxel has provided patches for all vulnerable firmware versions.

Since exploitation requires administrator privileges and WAN access enabled, ensure that WAN access is disabled if not needed, and change all user-configured passwords to strong, unique passwords to prevent unauthorized access.

Contact Zyxel sales or support to obtain the appropriate firmware updates and apply them promptly to reduce the risk of exploitation.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-11846. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart