CVE-2025-6599

MEDIUM

Zyxel DX3301-T0 <5.50(ABVY.6.3)C0 - DoS

Title source: llm

Description

An uncontrolled resource consumption vulnerability in the web server of Zyxel DX3301-T0 firmware version 5.50(ABVY.6.3)C0 and earlier could allow an attacker to perform Slowloris‑style denial‑of‑service (DoS) attacks. Such attacks may temporarily block legitimate HTTP requests and partially disrupt access to the web management interface, while other networking services remain unaffected.

References (1)

[Vendor Advisory] https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-uncontrolled-resource-consumption-and-command-injection-vulnerabilities-in-certain-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-security-routers-and-wireless-extenders-11-18-2025

Scores

CVSS v3 5.3

EPSS 0.0006

EPSS Percentile 19.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Classification

CWE

CWE-400

Status published

Affected Products (50)

zyxel/lte3301-plus_firmware < 1.00\(abqu.7\)c0

zyxel/nr5103_firmware < 4.19\(abyc.8\)c0

zyxel/nr5103e_firmware < 1.00\(acdj.1\)c0

zyxel/nr5309_firmware < 1.00\(ackp.1\)b3

zyxel/nr7302_firmware < 5.00\(acha.5\)c0

zyxel/nr7303_firmware < 1.00\(acei.1\)c0

zyxel/nebula_fwa505_firmware < 1.19\(acko.0\)c0

zyxel/nebula_fwa510_firmware < 1.20\(acgd.1\)c0

zyxel/nebula_fwa515_firmware < 1.50\(acpz.0\)c0

zyxel/nebula_fwa710_firmware < 1.20\(acgc.0\)c0

zyxel/dm4200-b0_firmware < 5.17\(acbs.1.3\)c0

zyxel/dx3300-t0_firmware < 5.50\(abvy.6.3\)c0

zyxel/dx3300-t1_firmware < 5.50\(abvy.6.3\)c0

zyxel/dx3301-t0_firmware < 5.50\(abvy.6.3\)c0

zyxel/dx4510-b1_firmware < 5.17\(abyl.9\)c0

... and 35 more

Timeline

Published Nov 18, 2025

Tracked Since Feb 18, 2026