Description
A buffer overflow vulnerability in the UPnP DeletePortMapping() command in Zyxel VMG4005-B50B firmware versions through 5.13(ABRL.5.4)C0 could allow an adjacent attacker to trigger a temporary denial-of-service (DoS) condition affecting the UPnP function of the affected device.
Published: 2026-06-02
Score: 6.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A buffer overflow in the UPnP DeletePortMapping command on certain Zyxel routers can cause a temporary denial of service to the UPnP functionality. An attacker who can send a crafted request to the affected device may crash the UPnP process, leaving the user unable to create or delete port mappings until the service is restarted or the device is rebooted. The flaw is classified as CWE‑120 (buffer copy without checking size of input).

Affected Systems

Zyxel VMG4005‑B50B firmware versions 5.13(ABRL.5.4)C0 and older. The vulnerability is present in the UPnP implementation of these firmware releases.

Risk and Exploitability

The CVSS score of 6.5 indicates medium severity. The EPSS score is not available, and the vulnerability is not listed in CISA KEV, suggesting it is not currently widely exploited. The CVSS vector gives the attack vector as adjacent network (AV:A), consistent with UPnP normally accepting requests from devices on the same network. An attacker who has network access to the router could send the malicious DeletePortMapping request and trigger the DoS. The lack of a public exploit and limited exposure reduce the immediate threat, but the loss of UPnP port-mapping functionality makes mitigation advisable.

Generated by OpenCVE AI on June 2, 2026 at 03:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to the latest Zyxel firmware that patches the UPnP buffer overflow
  • If UPnP is not required, disable the UPnP service in the router’s settings
  • Limit local network access to trusted devices and consider network segmentation to isolate the router from potential attackers

Advisories

No advisories yet.

History

Tue, 02 Jun 2026 04:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Zyxel; Zyxel vmg4005-b50b Firmware |
| Vendors & Products | | Zyxel; Zyxel vmg4005-b50b Firmware |

Tue, 02 Jun 2026 03:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | Buffer Overflow in Zyxel VMG4005‑B50B UPnP DeletePortMapping Leading to Temporary DoS |

Tue, 02 Jun 2026 02:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | A buffer overflow vulnerability in the UPnP DeletePortMapping() command in Zyxel VMG4005-B50B firmware versions through 5.13(ABRL.5.4)C0 could allow an adjacent attacker to trigger a temporary denial-of-service (DoS) condition affecting the UPnP function of the affected device. |
| Weaknesses | | CWE-120 |
| References | | |
| Metrics | | cvssV3_1 {'score': 6.5, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'} |


MITRE

Status: PUBLISHED

Assigner: Zyxel

Published:

Updated: 2026-06-02T02:04:17.047Z

Reserved: 2026-03-10T08:42:18.809Z

Link: CVE-2026-3871

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-02T03:16:17.023

Modified: 2026-06-02T03:16:17.023

Link: CVE-2026-3871

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-02T04:00:11Z

Weaknesses