Improper Authentication Vulnerability in Zyxel WRE6505 v2 Firmware
CVE-2026-7255

6.5MEDIUM

Key Information:

Vendor: Zyxel
Status: Wre6505 V2 Firmware
Vendor: CVE Published:; 12 May 2026

What is CVE-2026-7255?

The Zyxel WRE6505 v2 firmware contains a vulnerability in its web management interface that allows an adjacent attacker on the local area network (LAN) to conduct a brute-force attack on the device's password protection. This flaw stems from improper restrictions placed on authentication attempts, which can enable unauthorized access and potentially compromise the device's security.

Affected Version(s)

WRE6505 v2 firmware V1.00(ABDV.3)C0

References

https://www.zyxel.com/global/en/support/end-of-life

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 12, 2026
Vulnerability Reserved
Apr 28, 2026

CVE-2026-7255 Data

JSON