EIP-2026-101503

PRE-CVE

ZyWALL USG Appliance - Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-101503. PoCs published by RedTeam Pentesting.

AI-analyzed exploit summary This is a detailed advisory describing an authentication bypass vulnerability in ZyXEL ZyWALL USG appliances, allowing unauthenticated users to download and upload configuration files. The writeup includes steps for decrypting firmware files and exploiting the web interface bypass.

Description

ZyWALL USG Appliance - Multiple Vulnerabilities

Exploits (1)

exploitdb WRITEUP VERIFIED

by RedTeam Pentesting · textremotehardware

https://www.exploit-db.com/exploits/17244

View Code ZIP pw:eip

This is a detailed advisory describing an authentication bypass vulnerability in ZyXEL ZyWALL USG appliances, allowing unauthenticated users to download and upload configuration files. The writeup includes steps for decrypting firmware files and exploiting the web interface bypass.

Classification

Writeup 100%

Attack Type

Auth Bypass

Complexity

Moderate

Reliability

Reliable

Target: ZyXEL ZyWALL USG appliances (various models) with firmware releases before April 25, 2011

No auth needed

Prerequisites: Access to the management web interface of the ZyXEL ZyWALL USG appliance

MITRE ATT&CK

T1110 - Brute Force T1552 - Unsecured Credentials

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026