CVE-2026-3871
Description
A buffer overflow in Zyxel VMG4005-B50B firmware's UPnP DeletePortMapping() command can cause a temporary DoS for adjacent attackers.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A buffer overflow in Zyxel VMG4005-B50B firmware's UPnP DeletePortMapping() command can cause a temporary DoS for adjacent attackers.
Vulnerability
A buffer overflow vulnerability exists in the UPnP DeletePortMapping() command within Zyxel VMG4005-B50B firmware versions up to and including 5.13(ABRL.5.4)C0. This vulnerability affects the UPnP function of the device.
Exploitation
An adjacent attacker, operating within the same LAN/WLAN environment, can exploit this vulnerability by triggering the DeletePortMapping() command. The device will continue to process network traffic even if the attack is successful.
Impact
Successful exploitation of this vulnerability allows an adjacent attacker to trigger a temporary denial-of-service (DoS) condition affecting the UPnP function of the affected device. The device will continue to function as expected when processing network traffic.
Mitigation
Zyxel has released firmware patches to address this vulnerability. Users are advised to update their devices to a patched firmware version. Specific details on affected models and patch availability can be found in the vendor's security advisory [1].
AI Insight generated on Jun 2, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1- Range: <=5.13(ABRL.5.4)C0
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
1News mentions
0No linked articles in our index yet.