PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-4795 Zyxel CVE debrief

A missing authorization vulnerability in Zyxel GS1200v3 series switches allows unauthenticated LAN attackers to read system configuration from a log file via crafted HTTP requests. The vulnerability affects GS1200-5v3, GS1200-8v3, GS1200-5HPv3, GS1200-8HPv3, and GS1200-10v3 models running firmware through specified versions. The CVSS 3.1 vector (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) indicates attack from adjacent network, low complexity, no privileges required, no user interaction, with high confidentiality impact. The weakness is categorized as CWE-862 (Missing Authorization). Zyxel has published a security advisory addressing this vulnerability.

Vendor
Zyxel
Product
GS1200-5v3 firmware
CVSS
MEDIUM 6.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-26
Original CVE updated
2026-05-26
Advisory published
2026-05-26
Advisory updated
2026-05-26

Who should care

Network administrators managing Zyxel GS1200v3 series switches; security teams responsible for network infrastructure hardening; organizations using affected models in production environments

Technical summary

The vulnerability stems from missing authorization checks on HTTP endpoints that expose log files containing system configuration data. An attacker on the same LAN segment can craft HTTP requests to retrieve these logs without authentication. The attack requires network adjacency but no user interaction or privileges. Affected firmware versions include: GS1200-5v3 through 1.00(ACPS.2)C0, GS1200-8v3 through 1.00(ACPT.2)C0, GS1200-5HPv3 through 1.00(ACPU.2)C0, GS1200-8HPv3 through 1.00(ACPV.2)C0, and GS1200-10v3 through 1.00(ACPW.2)C0.

Defensive priority

medium

Recommended defensive actions

  • Review Zyxel security advisory for affected firmware versions and apply patches if available
  • Restrict network access to Zyxel GS1200v3 switch management interfaces to authorized administrative hosts only
  • Monitor for unauthorized HTTP requests to log file endpoints on affected switch models
  • Segment switch management VLANs from general user LAN access to reduce attack surface
  • Audit switch configurations for exposure of sensitive data in log files

Evidence notes

CVE published 2026-05-26; modified same day. Vendor advisory dated 05-26-2026 confirms Zyxel as affected vendor. CVSS 6.5 MEDIUM severity. Not in KEV catalog.

Official resources

2026-05-26