CVE-2025-13942 Zyxel — Exploit & Vulnerability Details CRITICAL

CVE-2025-13942

CRITICAL CVSS 3.1: 9.8 EPSS 0.17%

Parameter	Value
CVSS	9.8 (CRITICAL)
Type	CWE-78 (OS Command Injection)
Vendor	Zyxel
Public PoC	No

A command injection vulnerability in the UPnP function of the Zyxel EX3510-B0 firmware versions through 5.17(ABUP.15.1)C0 could allow a remote attacker to execute operating system (OS) commands on an affected device by sending specially crafted UPnP SOAP requests.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

Low

Easy to exploit

Privileges Required

None

No privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

High

Complete data leak

Integrity

High

Complete data modification

Availability

High

Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-78 OS Command Injection

References 1

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advi…

security@zyxel.com.tw

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-1459

Zyxel

7.2

CVE-2025-13943

Zyxel

8.8

CVE-2025-11848

Zyxel

4.9

CVE-2025-11847

Zyxel

4.9

CVE-2025-11846

Zyxel

4.9

Menu

CVE-2025-13942

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2026-1459

CVE-2025-13943

CVE-2025-11848

CVE-2025-11847

CVE-2025-11846

CVE Details

Editor's Choice

Menu

CVE-2025-13942

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2026-1459

CVE-2025-13943

CVE-2025-11848

CVE-2025-11847

CVE-2025-11846

CVE Details

Editor's Choice

Stay informed on cybersecurity