CVE-2025-7673

Critical CVSS: 9.8

A buffer overflow vulnerability in the URL parser of the zhttpd web server in Zyxel VMG8825-T50K firmware versions prior to V5.50(ABOM.5)C0 could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and potentially execute arbitrary code by sending a specially crafted HTTP request.

Vendor

Zyxel

Product

Emg3525-t50b Firmware

CWE

CWE-120

Yayın Tarihi

2025-07-16 07:15:24

Güncelleme

2026-01-14 17:52:29

Source Identifier

security@zyxel.com.tw

KEV Date Added

Kategoriler

CWE-120 Emg3525-t50b Firmware CRITICAL Zyxel 2025

Referanslar

https://www.zyxel.com/service-provider/global/en/zyxel-security-advisory-remote-code-execution-and-denial-service-vulnerabilities-cpe

Benzer Kayıtlar

Medium

CVE-2025-11848

A null pointer dereference vulnerability in the Wake-on-LAN CGI program of the Zyxel VMG3625-T50B firmware version throu…

Critical

CVE-2025-13942

A command injection vulnerability in the UPnP function of the Zyxel EX3510-B0 firmware versions through 5.17(ABUP.15.1)C…

High

CVE-2025-13943

A post-authentication command injection vulnerability in the log file download function of the Zyxel EX3301-T0 firmware…

High

CVE-2026-1459

A post-authentication command injection vulnerability in the TR-369 certificate download CGI program of the Zyxel VMG362…

Medium

CVE-2025-11847

A null pointer dereference vulnerability in the IP settings CGI program of the Zyxel VMG3625-T50B firmware versions thro…

Medium

CVE-2025-11846

A null pointer dereference vulnerability in the account settings CGI program of the Zyxel VMG3625-T50B firmware versions…