CVE-2026-25084

Summary

Authentication for ZLAN5143D can be bypassed by directly accessing internal URLs.

Affected Software

VendorProductVersion RangeStatus
ZLAN Information Technology Co.ZLAN5143Dv1.600affected

Weaknesses

  • CWE-306: CWE-306 Missing Authentication for Critical Function

Workarounds

ZLAN Information Technology Co. did not respond to CISA's attempts at coordination. Users of ZLAN5143D devices are encouraged to contact ZLAN and keep their systems up to date. https://www.zlmcu.com/en/contatct_us.htm

https://www.zlmcu.com/en/contatct_us.htm

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References