Description
A buffer overflow vulnerability in the UPnP AddPortMapping() command in Zyxel VMG4005-B50B firmware versions through 5.13(ABRL.5.4)C0 could allow an adjacent attacker to trigger a temporary denial-of-service (DoS) condition affecting the UPnP function of the affected device.
Published: 2026-06-02
Score: 6.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A buffer overflow exists in the UPnP AddPortMapping command on Zyxel VMG4005-B50B firmware versions up to 5.13(ABRL.5.4)C0. The flaw allows an attacker to send a carefully crafted UPnP request that overflows the server’s input buffer, causing a temporary denial‑of‑service of the device’s UPnP functionality. The overflow does not give direct code execution or persistent compromise, but it can interrupt network port‑mapping services for users who rely on UPnP to manage traffic flows.

Affected Systems

The vulnerability affects Zyxel VMG4005-B50B routers running firmware versions through 5.13(ABRL.5.4)C0. Users of earlier firmware are not impacted, while newer builds beyond this version are presumed patched. The flaw applies specifically to the UPnP protocol implementation bundled with the device’s firmware.

Risk and Exploitability

With a CVSS score of 6.5, the risk is considered medium. No EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog, indicating no widespread exploitation has been reported. The likely attack vector is a local or near‑network attacker able to communicate with the UPnP services, which is plausible for devices exposed to the internet or shared networks. Exploitation requires only the ability to send a malformed UPnP packet; the effect is a short‑lived denial of the UPnP interface, potentially disrupting applications that automatically configure port forwards. Given the moderate severity and the ease of mitigation, prompt action is recommended.

Generated by OpenCVE AI on June 2, 2026 at 03:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the device firmware to the latest Zyxel release that removes the UPnP buffer overflow flaw.
  • If the firmware cannot be updated immediately, disable the UPnP service on the router to eliminate the attack surface.
  • If UPnP is required, monitor the device’s logs for failed or repeated AddPortMapping attempts and consider rate limiting or filtering UPnP traffic at the network perimeter.

Generated by OpenCVE AI on June 2, 2026 at 03:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 02 Jun 2026 04:15:00 +0000

Type Values Removed Values Added
First Time appeared Zyxel
Zyxel vmg4005-b50b Firmware
Vendors & Products Zyxel
Zyxel vmg4005-b50b Firmware

Tue, 02 Jun 2026 03:45:00 +0000

Type Values Removed Values Added
Title Upnp AddPortMapping Buffer Overflow Causes Temporary Denial of Service in Zyxel VMG4005-B50B

Tue, 02 Jun 2026 02:30:00 +0000

Type Values Removed Values Added
Description A buffer overflow vulnerability in the UPnP AddPortMapping() command in Zyxel VMG4005-B50B firmware versions through 5.13(ABRL.5.4)C0 could allow an adjacent attacker to trigger a temporary denial-of-service (DoS) condition affecting the UPnP function of the affected device.
Weaknesses CWE-120
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

Zyxel Vmg4005-b50b Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: Zyxel

Published:

Updated: 2026-06-02T01:54:49.100Z

Reserved: 2026-03-10T08:42:15.293Z

Link: CVE-2026-3870

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-02T03:16:16.890

Modified: 2026-06-02T03:16:16.890

Link: CVE-2026-3870

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-02T04:00:11Z

Weaknesses