CVE-2026-25084
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Authentication for ZLAN5143D can be bypassed by directly accessing internal URLs.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ZLAN Information Technology Co. | ZLAN5143D | v1.600 | affected |
Weaknesses
- CWE-306: CWE-306 Missing Authentication for Critical Function
Workarounds
ZLAN Information Technology Co. did not respond to CISA's attempts at coordination. Users of ZLAN5143D devices are encouraged to contact ZLAN and keep their systems up to date. https://www.zlmcu.com/en/contatct_us.htm
https://www.zlmcu.com/en/contatct_us.htm
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-26-041-02
- https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-041-02.json
- https://www.zlmcu.com/en/contact_us.htm
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.