CVE-2026-7255
Improper Authentication Bypass in Zyxel WRE6505 v2 Firmware
Publication date: 2026-05-12
Last updated on: 2026-05-12
Assigner: Zyxel Corporation
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| zyxel | wre6505 | v1.00(abdv.3)c0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-307 | The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an improper restriction of excessive authentication attempts in the web management interface of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0.
It allows an adjacent attacker on the local area network (LAN) to perform brute-force attacks on the password, potentially bypassing authentication.
How can this vulnerability impact me?
An attacker who is on the same LAN as the vulnerable device could exploit this vulnerability to gain unauthorized access to the device's web management interface.
This could lead to a compromise of the device's configuration and security settings.
The CVSS score of 6.5 reflects a high impact on confidentiality and no impact on integrity or availability.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability affects Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 and allows an adjacent attacker on the LAN to brute-force the password and bypass authentication.
Since the provided resources do not include specific mitigation steps or patches for this vulnerability, the best immediate action is to consider upgrading to a newer, supported product or firmware version, as Zyxel advises migrating to newer solutions to maintain security and performance.
Additionally, restricting LAN access to the web management interface and monitoring for unusual authentication attempts may help reduce risk until a proper fix or update is applied.