—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Multiple Vulnerabilities in Zyxel 

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: HIGH

Software Affected

4G LTE/5G NR CPE

LTE3301-PLUS 1.00(ABQU.7)C0 and earlier

NR5103 4.19(ABYC.8)C0 and earlier

NR5103E 1.00(ACDJ.1)C0 and earlier

NR5309 1.00(ACKP.1)b3 and earlier

NR7302 5.00(ACHA.5)C0 and earlier

NR7303 1.00(ACEI.1)C0 and earlier

Nebula FWA505 1.19(ACKO.0)C0 and earlier

Nebula FWA510 1.20(ACGD.1)C0 and earlier

Nebula FWA515 1.50(ACPZ.0)C0 and earlier

Nebula FWA710 1.20(ACGC.0)C0 and earlier

DSL/Ethernet CPE

DM4200-B0 5.17(ACBS.1.3)C0 and earlier

DX3300-T0 5.50(ABVY.6.3)C0 and earlier

DX3300-T1 5.50(ABVY.6.3)C0 and earlier

DX3301-T0 5.50(ABVY.6.3)C0 and earlier

DX4510-B1 5.17(ABYL.9)C0 and earlier

DX5401-B0 5.17(ABYO.7)b2 and earlier

DX5401-B1 5.17(ABYO.7)b2 and earlier

EE3301-00 5.63(ACMU.1.1)C0 and earlier

EE5301-00 5.63(ACLD.1.1)C0 and earlier

EE6510-10 5.19(ACJQ.3)C0 and earlier

EX3300-T0 5.50(ABVY.6.3)C0 and earlier

5.50(ACDI.2.1)C0 and earlier

EX3300-T1 5.50(ABVY.6.3)C0 and earlier

EX3301-T0 5.50(ABVY.6.3)C0 and earlier

EX3500-T0 5.44(ACHR.4)C0 and earlier

EX3501-T0 5.44(ACHR.4)C0 and earlier

EX3600-T0 5.70(ACIF.1.2)C0 and earlier

EX5401-B0 5.17(ABYO.7)b2 and earlier

EX5401-B1 5.17(ABYO.7)b2 and earlier

EX5501-B0 5.17(ABRY.5.5)C0 and earlier

EX5510-B0 5.17(ABQX.10)C0 and earlier

EX5512-T0 5.70(ACEG.5)C0 and earlier

EX5601-T0 5.70(ACDZ.4.1)C0 and earlier

EX5601-T1 5.70(ACDZ.4.1)C0 and earlier

EX7501-B0 5.18(ACHN.2.1)C0 and earlier

EX7710-B0 5.18(ACAK.1.4)C0 and earlier

EMG3525-T50B 5.50(ABPM.9.5)C0 and earlier

EMG5523-T50B 5.50(ABPM.9.5)C0 and earlier

EMG5723-T50K 5.50(ABOM.8.6)C0 and earlier

EMG6726-B10A 5.13(ABNP.8)C0 and earlier

GM4100-B0 5.18(ACCL.1)C0 and earlier

VMG3625-T50B 5.50(ABPM.9.5)C0 and earlier

VMG3927-B50B 5.13(ABLY.10)C0 and earlier

VMG3927-T50K 5.50(ABOM.8.6)C0 and earlier

VMG4005-B50A 5.17(ABQA.3)C0 and earlier

VMG4005-B60A 5.17(ABQA.3)C0 and earlier

VMG4005-B50B 5.13(ABRL.5.3)C0 and earlier

VMG4927-B50A 5.13(ABLY.10)C0 and earlier

VMG8623-T50B 5.50(ABPM.9.5)C0 and earlier

VMG8825-T50K 5.50(ABOM.8.6)C0 and earlier

Fiber ONTs

AX7501-B0 5.17(ABPC.6.1)C0 and earlier

AX7501-B1 5.17(ABPC.6.1)C0 and earlier

PE3301-00 5.63(ACMT.1.1)C0 and earlier

PE5301-01 5.63(ACOJ.1.1)C0 and earlier

PM3100-T0 5.42(ACBF.3)C0 and earlier

PM5100-T0 5.42(ACBF.3)C0 and earlier

PM7500-00 5.61(ACKK.1)C0 and earlier

PM7300-T0 5.42(ABYY.3)C0 and earlier

PX3321-T1 5.44(ACJB.1.3)C0 and earlier

5.44(ACHK.1)C0 and earlier

PX5301-T0 5.44(ACKB.0.4)C0 and earlier

Security Routers

SCR 50AXE 1.10(ACGN.3)C0 and earlier

Wireless Extenders

WE3300-00 5.70(ACKA.0)C0 and earlier

WX3100-T0 5.50(ABVL.4.7)C0 and earlier

WX3401-B0 5.17(ABVE.2.8)C0 and earlier

WX3401-B1 5.17(ABVE.2.8)C0 and earlier

WX5600-T0 5.70(ACEB.4.1)C0 and earlier

WX5610-B0 5.18(ACGJ.0.3)C0 and earlier

Overview

Multiple vulnerabilities have been reported in Zyxel devices, including 4G LTE/5G NR CPE, DSL/Ethernet CPE, Fiber ONTs, Security Routers, and Wireless Extenders which could be exploited by an attacker to execute arbitrary Operating System (OS) command as well as enable a Slowloris-style attack that exhausts the web server¿s resources, block legitimate users from accessing the web management interface and potentially result in Denial-of-Service (DoS) on the targeted system.

Target Audience:

Home / SOHO Users (Small Office/Home Office), IT and Network Administrators, Managed Service Providers (MSPs) / ISPs (Internet Service Providers)

Risk Assessment:

Critical risks on confidentiality, integrity, and availability of the systems.

Impact Assessment:

Compromise of integrity and confidentiality.

Description

Zyxel Communications is a global leader in providing comprehensive wired and wireless broadband networking and security solutions for service providers, small to medium-sized businesses, and home users.

1. Post-Authentication Command Injection Vulnerability ( CVE-2025-8693   )

A  Vulnerability exists in Zyxel devices including 4G LTE/5G NR CPE, DSL/Ethernet CPE, Fiber ONTs, Security Routers, and Wireless Extenders due to improper input validation in the handling of the ‘priv’ parameter within a CGI program on the web management interface.

Successfully exploitation of this vulnerability could allow an attacker to execute arbitrary operating system (OS) commands on the affected device, potentially leading to a complete compromise of the router.

2. Uncontrolled Resource Consumption Vulnerability ( CVE-2025-6599   )

A Vulnerability exists in Zyxel devices including 4G LTE/5G NR CPE, DSL/Ethernet CPE, Fiber ONTs, Security Routers, and Wireless Extenders could allow an remote attacker to perform a Slowloris-style Denial-of-Service (DoS) attack on the web server. This attack may temporarily block legitimate HTTP requests and partially disrupt access to the web management interface.

Successfully exploitation of this vulnerability could allow an attacker to exhaust the web servers resources by opening and maintaining numerous slow HTTP connections, block legitimate administrative access.

Solution

Apply appropriate software updates as mentioned :

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-uncontrolled-resource-consumption-and-command-injection-vulnerabilities-in-certain-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-security-routers-and-wireless-extenders-11-18-2025

Vendor Information

Zyxel Networks

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-uncontrolled-resource-consumption-and-command-injection-vulnerabilities-in-certain-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-security-routers-and-wireless-extenders-11-18-2025

CVE Name

CVE-2025-8693

CVE-2025-6599

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmkexzUACgkQ3jCgcSdc

ys/LHQ//SWg+44lpDQH1xNFGjpvKZM3SohDSB0d2kkKNQNYQhN2xBY6MvaP7n6DE

ivJei4A1WIUzMQmPlaeZZ5By5LfgCMcapKzrL/sCNXeUj3dFxTFRQGBVo7VBjp+k

rfaSH9vPtrnaBzWu1tK3tNY5heKcFQGnfacy3dbySMlljFI/qRsQ/HKIEc3QrgtD

oZuu5yqzVK9u8QmPBGI0QWX1mwJszIScIpCYUY+QwGLEe+he6qjGGl2kQWI0dx0V

ppjoD8scOtIcyhoFLaUlT1QYQ83Cr4AQu5CicvDKlNn5RzV3cWg+NPv44HAPYzmJ

i0Gs4NxShJs8GsP16G6ffXvuPxZoVbYx8aFsNpYtaq7stQHG4bAjuxhapN+ZSqoM

2iz8Y5H5rVFz9hOY4Mh+uv2G52uMPXH+1Z4bZ44gs3G9Nv8+R/KVNuaXHdO4NDPV

LsloUujVsovqtVi/LNIMvgM/06VN/LeHIW/JJqpFj4LnFj3u4/6VT8engiyHX/0P

Bii12kg0O4ky2vSKflPYB2XaZtb9eoJv9qFAF0JXsBqpOkWjGJ4HNYn4yr0aW0Hy

pKVZagWo0y4I0+L8vI+XBswUOZNoDTbXWuccJRKn2oUCBxMpsYquW0zE04ROjx8u

HbZiSttvMlgp1weNuDEXjMAGNRu89IVrBOKelqUrUL72gd/ezQ0=

=8zpf

—–END PGP SIGNATURE—–