The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding high-severity vulnerabilities in industrial connectivity hardware manufactured by ZLAN Information Technology. The advisory highlights two critical flaws in the ZLAN5143D serial-to-ethernet server that could allow attackers to walk right past security controls and take full command of the device.
With both vulnerabilities carrying a CVSS score of 9.8, the risk to operational technology (OT) environments is immediate and severe. Even more concerning: the vendor appears to have gone silent.
The vulnerabilities, affecting firmware version 1.600, completely undermine the device’s authentication mechanisms.
- The Bypass (CVE-2026-25084): This flaw allows an attacker to bypass the login screen entirely. As the advisory notes, “Authentication for the device can be bypassed by directly accessing internal URLs”. Simply knowing where to look is enough to get in.
- The Takeover (CVE-2026-24789): If bypassing the login wasn’t enough, this second flaw allows attackers to lock out the legitimate owners. The report explains that “an unprotected API endpoint allows an attacker to remotely change the device password without providing authentication”.
Together, these flaws create a scenario where “successful exploitation of these vulnerabilities could result in an attacker bypassing authentication, or resetting the device password,” effectively handing control of the serial communication gateway to any remote adversary.
Perhaps the most troubling aspect of this disclosure is the lack of a coordinated fix. CISA’s advisory indicates that its attempts to work with the vendor were unsuccessful.
“ZLAN Information Technology Co. did not respond to CISA’s attempts at coordination,” the agency stated.
With no official patch confirmed in the advisory, users of the ZLAN5143D are in a precarious position. CISA encourages organizations to “contact ZLAN and keep their systems up to date”.
In the interim, administrators should aggressively isolate these devices from the public internet and restrict network access to trusted management subnets only to prevent unauthorized exploitation.