CVE-2026-24789

Summary

An unprotected API endpoint allows an attacker to remotely change the device password without providing authentication.

Affected Software

VendorProductVersion RangeStatus
ZLAN Information Technology Co.ZLAN5143Dv1.600affected

Weaknesses

  • CWE-306: CWE-306

Workarounds

ZLAN Information Technology Co. did not respond to CISA's attempts at coordination. Users of ZLAN5143D devices are encouraged to contact ZLAN and keep their systems up to date. https://www.zlmcu.com/en/contatct_us.htm

https://www.zlmcu.com/en/contatct_us.htm

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References