Critical Vulnerabilities in ZLAN Serial-to-Ethernet Devices Expose Industrial Networks to Remote Takeover The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent advisory (ICSA-26-041-02) highlighting two severe vulnerabilities in ZLAN Information Technology Co.’s ZLAN5143D serial-to-Ethernet device server, a widely used component in industrial environments. These flaws, discovered by KPMG researchers Shorabh Karir and Deepak Singh, allow attackers to bypass authentication entirely or reset device passwords, granting full administrative control without requiring credentials or user interaction. The vulnerabilities CVE-2026-25084 (missing authentication for critical functions) and CVE-2026-24789 (authentication bypass for password resets) both carry a CVSS v3.1 score of 9.8 (Critical) due to their low attack complexity and remote exploitability. The affected firmware version is 1.600, and while no public exploits have been reported, the simplicity of the flaws makes them attractive targets for threat actors seeking to disrupt industrial operations or move laterally into operational technology (OT) networks. ZLAN5143D devices are commonly deployed in manufacturing and industrial control systems (ICS), where they bridge legacy serial equipment with modern Ethernet networks. Exploitation could lead to production halts, unauthorized configuration changes, or deeper network intrusions, particularly in environments where OT and IT networks intersect. CISA recommends immediate mitigation steps, including isolating devices from the internet, segmenting control networks, and using VPNs for remote access though only on patched endpoints. Organizations are urged to audit networks for exposed devices, apply vendor patches, and monitor for anomalous activity. The advisory underscores the risks posed by outdated ICS hardware in critical infrastructure, where unaddressed vulnerabilities could have cascading operational impacts.