Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.
4.9

Zyxel VMG3625-T50B and WX3100-T0 routers: Denial of Service via Malicious Wake-on-LAN Request

CVE-2025-11848
Summary

An attacker with administrator privileges can crash the router by sending a specially crafted request, causing it to become unavailable. This affects the Wake-on-LAN feature in two specific router models. To protect your network, ensure you have the latest firmware update installed, and consider implementing additional security measures for your router.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software
VendorProductAffected versionsFix available
zyxel ee5301-00_firmware <= 5.63\(acld.2.1\)c0
zyxel ee3301-00_firmware <= 5.63\(acmu.2.1\)c0
zyxel dx5401-b1_firmware <= 5.17\(abyo.7.1\)c0
zyxel dx4510-b1_firmware <= 5.17\(abyl.10.1\)c0
zyxel dx4510-b0_firmware <= 5.17\(abyl.10.1\)c0
zyxel dx3301-t0_firmware <= 5.50\(abvy.7.1\)c0
zyxel dx3300-t1_firmware <= 5.50\(abvy.7.1\)c0
zyxel dx3300-t0_firmware <= 5.50\(abvy.7.1\)c0
zyxel ee6510-10_firmware <= 5.19\(acjq.4.1\)c0
zyxel emg3525-t50b_firmware <= 5.50\(abpm.9.7\)c0
zyxel emg5523-t50b_firmware <= 5.50\(abpm.9.7\)c0
zyxel ex2210-t0_firmware <= 5.50\(acdi.2.3\)c0
zyxel ex3300-t0_firmware <= 5.50\(abvy.7.1\)c0
zyxel ex3300-t1_firmware <= 5.50\(abvy.7.1\)c0
zyxel ex3301-t0_firmware <= 5.50\(abvy.7.1\)c0
zyxel ex3500-t0_firmware <= 5.44\(achr.5.1\)c0
zyxel ex3501-t0_firmware <= 5.44\(achr.5.1\)c0
zyxel ex3510-b0_firmware <= 5.17\(abup.15.2\)c0
zyxel ex3510-b1_firmware <= 5.17\(abup.15.2\)c0
zyxel ex3600-t0_firmware <= 5.70\(acif.2.1\)c0
zyxel ex5401-b1_firmware <= 5.17\(abyo.7.1\)c0
zyxel ex5510-b0_firmware <= 5.17\(abqx.11.1\)c0
zyxel ex5512-t0_firmware <= 5.70\(aceg.5.3\)c0
zyxel ex5601-t0_firmware <= 5.70\(acdz.5.1\)c0
zyxel ex5601-t1_firmware <= 5.70\(acdz.5.1\)c0
zyxel ex7501-b0_firmware <= 5.18\(achn.3.1\)c0
zyxel ex7710-b0_firmware <= 5.18\(acak.1.6\)c0
zyxel gm4100-b0_firmware <= 5.18\(accl.2\)c0
zyxel pm7500-00_firmware <= 5.61\(ackk.1.2\)c0
zyxel vmg3625-t50b_firmware <= 5.50\(abpm.9.7\)c0
zyxel vmg4005-b50a_firmware <= 5.17\(abqa.3.2\)c0
zyxel vmg4005-b60a_firmware <= 5.17\(abqa.3.2\)c0
zyxel ax7501-b1_firmware <= 5.17\(abpc.7.1\)c0
zyxel pe3301-00_firmware <= 5.63\(acmt.2.1\)c0
zyxel pe5301-01_firmware <= 5.63\(acoj.2.1\)c0
zyxel pm3100-t0_firmware <= 5.42\(acbf.4.1\)c0
zyxel pm5100-t0_firmware <= 5.42\(acbf.4.1\)c0
zyxel pm5100-t1_firmware <= 5.42\(acbf.4.1\)c0
zyxel pm7300-t0_firmware <= 5.42\(abyy.4.1\)c0
zyxel px3321-t1_firmware <= 5.44\(achk.3\)c0
zyxel px3321-t1_firmware <= 5.44\(acjb.1.5\)c0
zyxel px5301-t0_firmware <= 5.44\(ackb.0.6\)c0
zyxel scr_50axe_firmware <= 1.30\(acgn.0\)c0
zyxel vmg8623-t50b_firmware <= 5.50\(abpm.9.7\)c0
zyxel we3300-00_firmware <= 5.70\(acka.1.1\)c0
zyxel wx3100-t0_firmware <= 5.50\(abvl.4.9\)c0
zyxel wx3401-b1_firmware <= 5.17\(abve.2.10\)c0
zyxel wx5600-t0_firmware <= 5.70\(aceb.5.1\)c0
zyxel wx5610-b0_firmware <= 5.18\(acgj.0.5\)c0
Original title
A null pointer dereference vulnerability in the Wake-on-LAN CGI program of the Zyxel VMG3625-T50B firmware version through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(AB...
Original description
A null pointer dereference vulnerability in the Wake-on-LAN CGI program of the Zyxel VMG3625-T50B firmware version through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request.
nvd CVSS3.1 4.9
Vulnerability type
CWE-476 NULL Pointer Dereference
Published: 24 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026