CVE-2026-3870
Description
A buffer overflow in Zyxel VMG4005-B50B UPnP AddPortMapping() allows adjacent attackers to cause a temporary DoS.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A buffer overflow in Zyxel VMG4005-B50B UPnP AddPortMapping() allows adjacent attackers to cause a temporary DoS.
Vulnerability
A buffer overflow vulnerability exists in the UPnP AddPortMapping() command within Zyxel VMG4005-B50B firmware versions through 5.13(ABRL.5.4)C0. This vulnerability affects DSL/Ethernet CPE devices and can only be exploited within a LAN/WLAN environment [1].
Exploitation
An adjacent attacker, operating within the same local network (LAN/WLAN), can exploit this vulnerability by sending specially crafted data to the UPnP AddPortMapping() function. No specific authentication or user interaction is mentioned as required for exploitation [1].
Impact
Successful exploitation of this vulnerability allows an attacker to trigger a temporary denial-of-service (DoS) condition affecting the UPnP function of the affected device. The device will continue to process network traffic normally even if the attack is successful [1].
Mitigation
Zyxel has released firmware patches to address this vulnerability. The affected version for the VMG4005-B50B is 5.13(ABRL.5.4)C0 and earlier. Users are advised to install the available patches. Products not listed in the advisory are not affected [1].
AI Insight generated on Jun 2, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1- Range: <=5.13(ABRL.5.4)C0
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
1News mentions
0No linked articles in our index yet.