ZLAN Information Technology Co. ZLAN5143D
Plan Patch · CVSS 9.8 · ICS-CERT ICSA-26-041-02 · Feb 10, 2026
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
ZLAN5143D devices contain authentication bypass and password reset vulnerabilities (CWE-306) that allow unauthenticated attackers to gain full control. The vendor has not provided a patch and did not respond to CISA coordination attempts. Users are advised to contact ZLAN directly for updates and to implement network-level protections in the interim.
What this means
What could happen
An attacker could bypass authentication on ZLAN5143D devices or reset the admin password, gaining full control over the device and any industrial processes it controls.
Who's at risk
Water authorities and municipal electric utilities using ZLAN5143D devices for process monitoring, control, or data collection. Any facility relying on this equipment for critical infrastructure operations should prioritize this vulnerability.
How it could be exploited
An attacker on the network could send specially crafted requests to the ZLAN5143D to bypass authentication mechanisms or reset credentials without valid user input, allowing unauthorized access and command execution on the device.
Prerequisites
- Network access to the ZLAN5143D device
- No valid credentials required
remotely exploitable · no authentication required · low complexity · no patch available · critical severity (CVSS 9.8)
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (1)
Product | Affected Versions | Fix Status
ZLAN5143D: v1.600 | v1.600 | No fix (EOL)
Remediation & Mitigation
Do now
HOTFIX: Contact ZLAN Information Technology Co. directly via https://www.zlmcu.com/en/contatct_us.htm to request a firmware update or security patch
HARDENING: Restrict network access to ZLAN5143D devices to only authorized engineering workstations and control systems; use firewall rules to block access from untrusted networks
WORKAROUND: Monitor ZLAN5143D devices for unauthorized login attempts and credential resets using available logging and alerting mechanisms
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: If a firmware update becomes available from ZLAN, apply it during a scheduled maintenance window after testing in a non-production environment
CVEs (2)