ZLAN Information Technology Co. ZLAN5143D Missing Authentication Vulnerability Allowing Password Reset

Vulnerability

A vulnerability exists in the ZLAN Information Technology Co. ZLAN5143D device, specifically in version 1.600. An unprotected API endpoint allows attackers to remotely change the device password without authentication. Because the password change bypasses the device's authentication mechanisms, it can lead to unauthorized access or control over the device.

Impact

Exploitation of this vulnerability allows for authentication bypass and unauthorized password changes, which could lead to unauthorized access or control over the affected device.

Remediation

ZLAN Information Technology Co. did not respond to CISA's attempts at coordination. Users of ZLAN5143D devices are encouraged to contact ZLAN and keep their systems up to date.

Added: Feb 11, 2026, 5:40 PM
Updated: Feb 11, 2026, 6:10 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 7.4
remediation: 0.0
relevance: 2.9
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.