CVE-2026-7255
Received Received - Intake
Improper Authentication Bypass in Zyxel WRE6505 v2 Firmware

Publication date: 2026-05-12

Last updated on: 2026-05-12

Assigner: Zyxel Corporation

Description
** UNSUPPORTED WHEN ASSIGNED ** An improper restriction of excessive authentication attempts vulnerability in the web management interface of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow an adjacent attacker on the LAN to brute-force the password and bypass authentication.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-12
Last Modified
2026-05-12
Generated
2026-06-21
AI Q&A
2026-05-12
EPSS Evaluated
2026-06-20
NVD
CVE-2026-7255
EUVD
EUVD-2026-29375
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
zyxel wre6505 v1.00(abdv.3)c0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-307 The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an improper restriction of excessive authentication attempts in the web management interface of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0.

It allows an adjacent attacker on the local area network (LAN) to perform brute-force attacks on the password, potentially bypassing authentication.

Impact Analysis

An attacker who is on the same LAN as the vulnerable device could exploit this vulnerability to gain unauthorized access to the device's web management interface.

This could lead to a compromise of the device's configuration and security settings.

According to the CVSS score of 6.5, the impact includes high confidentiality impact but no impact on integrity or availability.

Mitigation Strategies

The vulnerability affects Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 and allows an adjacent attacker on the LAN to brute-force the password and bypass authentication.

Since the provided resources do not include specific mitigation steps or patches for this vulnerability, the best immediate action is to consider upgrading to a newer, supported product or firmware version, as Zyxel advises migrating to newer solutions to maintain security and performance.

Additionally, restricting LAN access to the web management interface and monitoring for unusual authentication attempts may help reduce risk until a proper fix or update is applied.

Compliance Impact

The vulnerability allows an adjacent attacker on the LAN to brute-force the password and bypass authentication on the Zyxel WRE6505 v2 web management interface. This could lead to unauthorized access to the device, potentially exposing sensitive data or network controls.

Such unauthorized access could impact compliance with standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive data through strong access controls and authentication mechanisms.

However, no specific information is provided in the available resources about direct compliance implications or mitigation steps related to this vulnerability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-7255. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart