Description
** UNSUPPORTED WHEN ASSIGNED ** An improper encoding or escaping vulnerability in the CGI program of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow an adjacent attacker on the WLAN to cause a denial-of-service (DoS) condition in the web management interface by convincing an authenticated administrator to visit the “AP Select” page while a malformed SSID is present.
Published: 2026-04-21
Score: 4.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Immediate Patch
AI Analysis

Impact

The vulnerability arises from improper handling of SSID encoding in the CGI component of the Zyxel WRE6505 v2 firmware. When an attacker on the local WLAN delivers a specially crafted SSID and an authenticated administrator visits the “AP Select” page, the web management interface crashes, resulting in a denial of service. This flaw falls under CWE‑116 and carries a CVSS score of 4.5, indicating moderate risk to the availability of the device’s management console.

Affected Systems

The affected devices are Zyxel WRE6505 v2 routers running firmware version V1.00(ABDV.3)C0. No other versions or products are listed as vulnerable.

Risk and Exploitability

Because exploitation requires an adjacent attacker on the same wireless network and an authenticated administrator to trigger the page load, the threat is largely local. The EPSS score is not available, and the flaw is not yet listed in the CISA KEV catalog, suggesting no known widespread exploitation. The CVSS 4.5 indicates a moderate likelihood of causing availability impact, but the need for proximity and authentication reduces the effective risk compared to remote attacks.

Generated by OpenCVE AI on April 21, 2026 at 15:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the WRE6505 firmware to the latest supported version that addresses the impaired encoding issue.
  • If no firmware update is available, restrict web‑management access to a dedicated, trusted network segment or disable the “AP Select” page entirely.
  • Segment the wireless network to prevent unauthenticated or malicious devices from having direct access to the router’s management interface; consider deploying separate guest WLANs and applying strict ACLs.

Generated by OpenCVE AI on April 21, 2026 at 15:29 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 22 Apr 2026 12:15:00 +0000

Type Values Removed Values Added
First Time appeared Zyxel
Zyxel wre6505 Firmware
Vendors & Products Zyxel
Zyxel wre6505 Firmware

Tue, 21 Apr 2026 15:45:00 +0000

Type Values Removed Values Added
Title Denial of Service via Improper Encoding in Zyxel WRE6505 Web Management Interface

Tue, 21 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 21 Apr 2026 02:45:00 +0000

Type Values Removed Values Added
Description **UNSUPPORTED WHEN ASSIGNED** An improper encoding or escaping vulnerability in the CGI program of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow an adjacent attacker on the WLAN to cause a denial-of-service (DoS) condition in the web management interface by convincing an authenticated administrator to visit the “AP Select” page while a malformed SSID is present. ** UNSUPPORTED WHEN ASSIGNED ** An improper encoding or escaping vulnerability in the CGI program of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow an adjacent attacker on the WLAN to cause a denial-of-service (DoS) condition in the web management interface by convincing an authenticated administrator to visit the “AP Select” page while a malformed SSID is present.

Tue, 21 Apr 2026 01:45:00 +0000

Type Values Removed Values Added
Description **UNSUPPORTED WHEN ASSIGNED** An improper encoding or escaping vulnerability in the CGI program of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow an adjacent attacker on the WLAN to cause a denial-of-service (DoS) condition in the web management interface by convincing an authenticated administrator to visit the “AP Select” page while a malformed SSID is present.
Weaknesses CWE-116
References
Metrics cvssV3_1

{'score': 4.5, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

Zyxel Wre6505 Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: Zyxel

Published:

Updated: 2026-04-21T13:26:29.283Z

Reserved: 2026-04-10T01:11:47.075Z

Link: CVE-2026-6058

cve-icon Vulnrichment

Updated: 2026-04-21T13:26:25.786Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-21T02:16:08.500

Modified: 2026-04-21T16:20:24.180

Link: CVE-2026-6058

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-22T11:46:53Z

Weaknesses