Advisory

Critical Authentication Bypass Flaws Reported in ZLAN Industrial Gateways

Take action: If you use ZLAN5143D gateways, make sure they are isolated from the internet and accessible only from trusted networks. Since the vendor hasn't provided a patch, network isolation and VPN-only access are your only defense. Reach out to the vendor for patches, and if no patches are available, start planning a replacement.

Learn More

CISA reports two critical vulnerabilities in the ZLAN5143D serial-to-Ethernet converters made by ZLAN Information Technology Co.

Vulnerabilities summary:

  • CVE-2026-25084 (CVSS score 9.8) - A missing authentication vulnerability that allows attackers to bypass security controls by directly accessing internal URLs. By navigating to specific paths within the web interface, an unauthenticated user can gain access to critical functions without providing credentials.
  • CVE-2026-24789 (CVSS score 9.8) - An unprotected API endpoint vulnerability that enables remote attackers to change the device password without any authentication. An attacker can send a crafted request to the vulnerable endpoint to overwrite the existing administrator password.

A successful exploit allows attackers to take control of the devices and manipulate the data flow between industrial machines, potentially causing physical disruption or equipment damage.

The vulnerability affects ZLAN5143D running firmware version v1.600. According to CISA, there is currently no official firmware update available from the vendor to address these issues.

Organizations using these gateways should isolate the devices. CISA recommends ensuring that all control system devices are not accessible from the public internet and are located behind firewalls. If remote access is necessary, administrators should use secure Virtual Private Networks (VPNs). All users should contact ZLAN directly to request security information and potential future patches.
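One way to verify that the isolation control above is actually holding, as an added example that is not part of the advisory or CISA's guidance: audit access logs for the gateways' web interface and flag every request whose source lies outside the trusted VPN and management subnets. The log format, addresses and request paths are constructed for this example and are not the device's real URLs.

```python
import ipaddress
import re

# Constructed sample: reverse-proxy / firewall style access log for the gateways'
# web interface. The format, addresses and paths are assumptions for this example.
SAMPLE_LOG = """\
2026-02-03T08:12:01Z src=10.8.0.12 dst=192.168.50.20:80 method=GET path=/index.html status=200
2026-02-03T08:12:09Z src=203.0.113.45 dst=192.168.50.20:80 method=GET path=/config.html status=200
2026-02-03T08:12:15Z src=203.0.113.45 dst=192.168.50.20:80 method=POST path=/api/setting status=200
2026-02-03T08:13:40Z src=10.8.0.7 dst=192.168.50.20:80 method=POST path=/api/setting status=200
2026-02-03T08:14:02Z src=198.51.100.9 dst=192.168.50.21:80 method=GET path=/ status=403
"""

# Only the VPN pool and the OT management subnet may reach the gateways, matching
# the recommendation: not internet-reachable, behind a firewall, VPN for remote access.
TRUSTED_NETS = [ipaddress.ip_network("10.8.0.0/24"), ipaddress.ip_network("192.168.50.0/24")]
GATEWAYS = {"192.168.50.20", "192.168.50.21"}   # constructed gateway addresses

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>[\d.]+):(?P<port>\d+) "
    r"method=(?P<method>\S+) path=(?P<path>\S+) status=(?P<status>\d+)$"
)

def is_trusted(addr: str) -> bool:
    """True if the source address belongs to one of the allowed subnets."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in TRUSTED_NETS)

def audit(log_text: str) -> list[dict]:
    """Return every request to a gateway's web interface from an untrusted source.
    Any hit means the isolation control has failed; with no patch available, each
    one should be treated as a possible unauthenticated configuration change."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["dst"] not in GATEWAYS:
            continue
        if is_trusted(m["src"]):
            continue
        findings.append({
            "time": m["ts"], "src": m["src"], "gateway": m["dst"],
            "request": f'{m["method"]} {m["path"]}',
            # A write from outside is the most urgent case: the advisory's second
            # flaw lets an unauthenticated request overwrite the admin password.
            "severity": "critical" if m["method"] == "POST" else "high",
        })
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

A 403 from the device is still reported, because the point of the check is that the request reached the gateway at all.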
