CVE-2026-3870
Deferred Deferred - Pending Action
Buffer Overflow in Zyxel VMG4005-B50B Firmware via UPnP

Publication date: 2026-06-02

Last updated on: 2026-06-02

Assigner: Zyxel Corporation

Description
A buffer overflow vulnerability in the UPnP AddPortMapping() command in Zyxel VMG4005-B50B firmware versions through 5.13(ABRL.5.4)C0 could allow an adjacent attacker to trigger a temporary denial-of-service (DoS) condition affecting the UPnP function of the affected device.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-02
Last Modified
2026-06-02
Generated
2026-06-22
AI Q&A
2026-06-02
EPSS Evaluated
2026-06-21
NVD
CVE-2026-3870
EUVD
EUVD-2026-33873
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
zyxel vmg4005-b50b to 5.13(abrL.5.5)c0 (exc)
zyxel nr7101 to 1.00(abuv.12)b4 (exc)
zyxel nebula_lte3301-plus to 1.18(accA.8)v0 (exc)
zyxel nebula_nr7101 to 1.16(accc.3)v0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-120 The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-3870 is a buffer overflow vulnerability found in the UPnP AddPortMapping() command of Zyxel VMG4005-B50B firmware versions up to 5.13(ABRL.5.4)C0.

This vulnerability allows an adjacent attacker within the same LAN or WLAN environment to exploit the buffer overflow and cause a temporary denial-of-service (DoS) condition that affects the UPnP function of the device.

Despite the DoS affecting the UPnP function, the device continues to process normal network traffic without interruption.

Impact Analysis

An attacker located within the same local network (LAN or WLAN) can exploit this vulnerability to cause a temporary denial-of-service (DoS) on the UPnP function of the affected Zyxel device.

This means that UPnP services may become temporarily unavailable, potentially disrupting applications or devices relying on UPnP for network configuration.

However, the overall network traffic and device operation will continue normally, so the impact is limited to the UPnP functionality.

Mitigation Strategies

To mitigate this vulnerability, users should install the firmware patches released by Zyxel that address the buffer overflow in the UPnP AddPortMapping() command.

For affected devices such as the Zyxel VMG4005-B50B with firmware version 5.13(ABRL.5.4)C0 or earlier, upgrade to firmware version 5.13(ABRL.5.5)C0 or later.

Users who purchased devices independently should contact local Zyxel support or visit the Zyxel Community for assistance.

ISP customers should contact their provider for support and firmware updates.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-3870. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart