Hubert Ws Lin

**Name of the Vulnerable Software and Affected Versions** ZyXEL P-870H-51 DSL Router version 1.00(AWG.3)D5 **Description** This issue allows remote attackers to cause a denial-of-service condition on vulnerable installations. Authentication is not required to exploit this issue. The specific flaw exists within numerous exposed CGI endpoints, such as `/api/v1/login` or `/users/{id}`, due to improper access controls that allow access to critical functions without authentication. An attacker can use this issue to reboot affected devices, along with other actions. **Recommendations** For ZyXEL P-870H-51 DSL Router version 1.00(AWG.3)D5, consider restricting access to critical functions and CGI endpoints to minimize the risk of exploitation. As a temporary workaround, consider disabling access to vulnerable CGI endpoints until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.