PatchSiren cyber security CVE debrief
CVE-2026-24789 ZLAN Information Technology Co. CVE debrief
CVE-2026-24789 is a critical authentication-bypass issue in ZLAN Information Technology Co. ZLAN5143D devices. According to CISA’s advisory, an unprotected API endpoint allows a remote attacker to change the device password without providing authentication. The CVSS v3.1 score is 9.8, reflecting network reachability, no required privileges, no user interaction, and high impact to confidentiality, integrity, and availability.
- Vendor: ZLAN Information Technology Co.
- Product: ZLAN5143D
- CVSS: CRITICAL 9.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-02-10
- Original CVE updated: 2026-02-10
- Advisory published: 2026-02-10
- Advisory updated: 2026-02-10
Who should care
Organizations that deploy or manage ZLAN5143D devices, especially OT/ICS operators, network administrators, security teams responsible for remote management paths, and asset owners that may have these devices reachable from internal or external networks.
Technical summary
The advisory describes an unauthenticated API endpoint that permits remote password modification on ZLAN5143D. That behavior maps to missing authentication for a critical function (CWE-306, referenced in the source set) and is consistent with a high-severity network-exploitable flaw: AV:N, AC:L, PR:N, UI:N, S:U, C:H, I:H, A:H. The CISA CSAF entry was initially published on 2026-02-10 and notes SSVCv2/E:N/A:Y with the timestamp 2026-02-06T07:00:00.000000Z. CISA also states that ZLAN Information Technology Co. did not respond to coordination attempts.
Defensive priority
Immediate. Treat as a critical remote-authentication flaw that could enable account takeover or unauthorized device control. Prioritize any ZLAN5143D instances exposed to broader networks, and assume management interfaces should be isolated until a vendor update or mitigation is confirmed.
Recommended defensive actions
- Inventory all ZLAN5143D deployments and identify where the management/API endpoint is reachable.
- Restrict access to device management interfaces using segmentation, allowlists, VPN, or jump hosts; avoid exposure to untrusted networks.
- Contact ZLAN Information Technology Co. through the vendor contact path in the advisory and check for updates or mitigations.
- Review device logs and management activity for unauthorized password changes or other unexpected administrative actions.
- If exposure is suspected, rotate credentials and temporarily isolate the device from nonessential network access.
- Apply CISA ICS recommended practices and defense-in-depth guidance to reduce the blast radius of any management-plane weakness.
Evidence notes
The source corpus is a CISA CSAF advisory (ICSA-26-041-02) published on 2026-02-10 for ZLAN Information Technology Co. ZLAN5143D. The advisory text states: “An unprotected API endpoint allows an attacker to remotely change the device password without providing authentication.” The included CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, and the advisory notes that ZLAN did not respond to CISA’s coordination attempts.
Official resources
- CVE-2026-24789 CVE record (CVE.org)
- CVE-2026-24789 NVD detail (NVD)
- Source item URL (cisa_csaf)
CISA published ICSA-26-041-02 on 2026-02-10. The advisory states that ZLAN Information Technology Co. did not respond to CISA’s coordination attempts and directs users to contact the vendor and keep systems up to date.