Zyxel VMG3625-T50B and WX3100-T0 Null Pointer Dereference Vulnerability Allowing Denial-of-Service

A null pointer dereference vulnerability has been identified in the IP settings CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0, and in the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0. This vulnerability could allow an authenticated attacker with administrator privileges to trigger a denial-of-service condition by sending a crafted HTTP request. WAN access is disabled by default on these devices, and the attack can only succeed if user-configured passwords have been compromised.

Impact

Exploitation of this vulnerability can lead to a denial-of-service condition, causing the device to become unresponsive or unavailable.

Remediation

Users are advised to update to Zyxel VMG3625-T50B version 5.50(ABPM.9.7)C0 or Zyxel WX3100-T0 version 5.50(ABVL.4.9)C0. For devices obtained through an ISP, contact the ISP's support team. For other users, reach out to the local Zyxel support team or visit Zyxel's Community for assistance.