Vulnerability Description
A null pointer dereference vulnerability in the Wake-on-LAN CGI program of the Zyxel VMG3625-T50B firmware version through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zyxel | Ee5301-00 Firmware | < 5.63\(acld.2.1\)c0 |
| Zyxel | Ee5301-00 | - |
| Zyxel | Ee3301-00 Firmware | < 5.63\(acmu.2.1\)c0 |
| Zyxel | Ee3301-00 | - |
| Zyxel | Dx5401-B1 Firmware | < 5.17\(abyo.7.1\)c0 |
| Zyxel | Dx5401-B1 | - |
| Zyxel | Dx4510-B1 Firmware | < 5.17\(abyl.10.1\)c0 |
| Zyxel | Dx4510-B1 | - |
| Zyxel | Dx4510-B0 Firmware | < 5.17\(abyl.10.1\)c0 |
| Zyxel | Dx4510-B0 | - |
| Zyxel | Dx3301-T0 Firmware | < 5.50\(abvy.7.1\)c0 |
| Zyxel | Dx3301-T0 | - |
| Zyxel | Dx3300-T1 Firmware | < 5.50\(abvy.7.1\)c0 |
| Zyxel | Dx3300-T1 | - |
| Zyxel | Dx3300-T0 Firmware | < 5.50\(abvy.7.1\)c0 |
| Zyxel | Dx3300-T0 | - |
| Zyxel | Ee6510-10 Firmware | < 5.19\(acjq.4.1\)c0 |
| Zyxel | Ee6510-10 | - |
| Zyxel | Emg3525-T50B Firmware | < 5.50\(abpm.9.7\)c0 |
| Zyxel | Emg3525-T50B | - |
Related Weaknesses (CWE)
References
FAQ
What is CVE-2025-11848?
CVE-2025-11848 is a vulnerability with a CVSS score of 4.9 (MEDIUM). A null pointer dereference vulnerability in the Wake-on-LAN CGI program of the Zyxel VMG3625-T50B firmware version through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL....
How severe is CVE-2025-11848?
CVE-2025-11848 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-11848?
Check the references section above for vendor advisories and patch information. Affected products include: Zyxel Ee5301-00 Firmware, Zyxel Ee5301-00, Zyxel Ee3301-00 Firmware, Zyxel Ee3301-00, Zyxel Dx5401-B1 Firmware.