CVE-2026-6058
Received Received - Intake
Improper Encoding in Zyxel WRE6505 CGI Causes DoS

Publication date: 2026-04-21

Last updated on: 2026-04-21

Assigner: Zyxel Corporation

Description
** UNSUPPORTED WHEN ASSIGNED ** An improper encoding or escaping vulnerability in the CGI program of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow an adjacent attacker on the WLAN to cause a denial-of-service (DoS) condition in the web management interface by convincing an authenticated administrator to visit the β€œAP Select” page while a malformed SSID is present.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-21
Last Modified
2026-04-21
Generated
2026-06-16
AI Q&A
2026-04-21
EPSS Evaluated
2026-06-15
NVD
CVE-2026-6058
EUVD
EUVD-2026-24051
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
zyxel wre6505 v1.00(abdv.3)c0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-116 The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an improper encoding or escaping issue in the CGI program of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0. It allows an adjacent attacker on the WLAN to cause a denial-of-service (DoS) condition in the web management interface. The attacker does this by convincing an authenticated administrator to visit the β€œAP Select” page while a malformed SSID is present.

Compliance Impact

The provided information does not include any details on how this vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.

Impact Analysis

The impact of this vulnerability is a denial-of-service (DoS) condition on the web management interface of the affected Zyxel device. This means that an attacker on the same WLAN can disrupt the administrator's ability to manage the device by causing the interface to become unavailable or unresponsive when the administrator visits the β€œAP Select” page with a malformed SSID present.

Mitigation Strategies

The vulnerability affects Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 and allows an adjacent attacker on the WLAN to cause a denial-of-service condition by exploiting the web management interface.

Since no specific mitigation steps or patches are mentioned in the provided resources, the best immediate action is to avoid having authenticated administrators visit the β€œAP Select” page while a malformed SSID is present on the WLAN.

Additionally, consider restricting WLAN access to trusted users only and monitor for unusual SSID broadcasts that could be malformed.

Long term, consult Zyxel's product lifecycle and support information to plan migration to newer supported products to maintain security and performance.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-6058. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart