Description
** UNSUPPORTED WHEN ASSIGNED ** An improper restriction of excessive authentication attempts vulnerability in the web management interface of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow an adjacent attacker on the LAN to brute-force the password and bypass authentication.
Published: 2026-05-12
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An improper restriction of excessive authentication attempts in the web management interface of Zyxel WRE6505 v2 firmware allows an adjacent LAN attacker to repeatedly try login credentials until success. This flaw enables authentication bypass and gives the attacker administrative access, potentially exposing configuration and compromising network control. The weakness is identified as CWE-307.

Affected Systems

Devices running Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 are affected. No official patch or specific fix is referenced; Zyxel lists the product as end‑of‑life.

Risk and Exploitability

The CVSS score of 6.5 indicates medium severity. EPSS data is not available and the vulnerability is not listed in CISA KEV, but the absence of these metrics does not reduce the real‑world risk. An attacker with LAN access can brute‑force the web console, obtain administrative privileges, and alter device settings or disable services.

Generated by OpenCVE AI on May 12, 2026 at 06:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Restrict LAN access to the management interface using firewall rules or VLAN isolation so that only trusted hosts can reach the management port.
  • Enforce strong, unique passwords on the device and change any default credentials immediately.
  • If the Web Management feature is not required, disable it, or move management to a secure remote access method such as SSH with key authentication.


Advisories

No advisories yet.

History

Tue, 12 May 2026 13:15:00 +0000

Type: Metrics
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 12 May 2026 09:00:00 +0000

Type: First Time appeared
Values Added: Zyxel; Zyxel wre6505 Firmware

Type: Vendors & Products
Values Added: Zyxel; Zyxel wre6505 Firmware

Tue, 12 May 2026 06:30:00 +0000

Type: Title
Values Added: Brute‑Force Authentication Vulnerability in Zyxel WRE6505 v2 Firmware

Tue, 12 May 2026 04:15:00 +0000

Type: Description
Values Added: ** UNSUPPORTED WHEN ASSIGNED ** An improper restriction of excessive authentication attempts vulnerability in the web management interface of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow an adjacent attacker on the LAN to brute-force the password and bypass authentication.

Type: Weaknesses
Values Added: CWE-307

Type: References

Type: Metrics
Values Added: cvssV3_1 {'score': 6.5, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: Zyxel

Published:

Updated: 2026-05-12T12:50:16.716Z

Reserved: 2026-04-28T02:06:53.906Z

Link: CVE-2026-7255

Vulnrichment

Updated: 2026-05-12T12:50:11.638Z

NVD

Status: Awaiting Analysis

Published: 2026-05-12T04:16:29.143

Modified: 2026-05-12T15:11:29.503

Link: CVE-2026-7255

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-12T08:45:11Z

Weaknesses