CVE-2025-6599

Medium CVSS: 5.3

An uncontrolled resource consumption vulnerability in the web server of Zyxel DX3301-T0 firmware version 5.50(ABVY.6.3)C0 and earlier could allow an attacker to perform Slowloris‑style denial‑of‑service (DoS) attacks. Such attacks may temporarily block legitimate HTTP requests and partially disrupt access to the web management interface, while other networking services remain unaffected.

Vendor

Zyxel

Product

Lte3301-plus Firmware

CWE

CWE-400

Yayın Tarihi

2025-11-18 02:15:45

Güncelleme

2025-12-16 21:19:59

Source Identifier

security@zyxel.com.tw

KEV Date Added

Kategoriler

CWE-400 Lte3301-plus Firmware MEDIUM Zyxel 2025

Referanslar

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-uncontrolled-resource-consumption-and-command-injection-vulnerabilities-in-certain-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-security-routers-and-wireless-extenders-11-18-2025

Benzer Kayıtlar

Medium

CVE-2025-11848

A null pointer dereference vulnerability in the Wake-on-LAN CGI program of the Zyxel VMG3625-T50B firmware version throu…

Critical

CVE-2025-13942

A command injection vulnerability in the UPnP function of the Zyxel EX3510-B0 firmware versions through 5.17(ABUP.15.1)C…

High

CVE-2025-13943

A post-authentication command injection vulnerability in the log file download function of the Zyxel EX3301-T0 firmware…

High

CVE-2026-1459

A post-authentication command injection vulnerability in the TR-369 certificate download CGI program of the Zyxel VMG362…

Medium

CVE-2025-11847

A null pointer dereference vulnerability in the IP settings CGI program of the Zyxel VMG3625-T50B firmware versions thro…

Medium

CVE-2025-11846

A null pointer dereference vulnerability in the account settings CGI program of the Zyxel VMG3625-T50B firmware versions…