Primary

Context

Zyxel VMG3625-T50B Command Injection Vulnerability in TR-369 Certificate Download CGI

Vulnerability

Patched

A post-authentication command injection vulnerability has been identified in the TR-369 certificate download CGI program of the Zyxel VMG3625-T50B router. This vulnerability affects firmware versions through 5.50(ABPM.9.7)C0. An authenticated attacker with administrator privileges could exploit this vulnerability to execute operating system commands on the affected device.

Impact

Exploitation of this vulnerability allows for arbitrary command execution on the affected device's operating system.

Remediation

Users can upgrade to Zyxel's official firmware version 5.50(ABPM.9.8)C0, available in March 2026, to address this vulnerability.

Added: Feb 24, 2026, 3:31 AM

Updated: Feb 24, 2026, 3:31 AM

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

7.5

exploitability

4.4

remediation

7.7

relevance

3.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

7.5

exploitability

4.4

remediation

7.7

relevance

3.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Zyxel VMG3625-T50B Command Injection Vulnerability in TR-369 Certificate Download CGI

Vulnerability

Impact

Remediation

Affected Products

Zyxel VMG3625-T50B

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating